- [*] MalFamily: "Casur"
- [*] MalScore: 4.15
- [*] File Name: "meaykdxuvtfy.exe"
- [*] File Size: 239104
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "9759f54e6d4f7911c9b70c100460a557d7df375a57bb92e0f1dca383b425a058"
- [*] MD5: "7d8ec036a309d476e70d73707e4926be"
- [*] SHA1: "4867d960df74a6bacceb5f445caf480ec657ef13"
- [*] SHA512: "abaa8a8ee57875a0a4374dd7ae985f4363aa735b41f76377eda2eaa3d3663e7a99443df8273590a622ac8a9a1875e40cf41c1e3af04bad08e02573e5978c96d3"
- [*] CRC32: "44F8CBF2"
- [*] SSDEEP: "3072:25CyuTOrKDZ+gfrPsr4GJi6AJxogqKZHi3ViUKiCLtCCojElkYSFtHQ5gX:0CyuSr8TIr4VFqKu9qrofYS7ZX"
- [*] Process Execution: [
- "meaykdxuvtfy.exe",
- "cmd.exe",
- "powershell.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "File has been identified by 5 Antiviruses on VirusTotal as malicious",
- "Details": [
- {
- "FireEye": "Generic.mg.7d8ec036a309d476"
- },
- {
- "Cylance": "Unsafe"
- },
- {
- "APEX": "Malicious"
- },
- {
- "Microsoft": "Trojan:Win32/Casur.A!cl"
- },
- {
- "VBA32": "BScope.Trojan.MereTam"
- }
- ]
- },
- {
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details": [
- {
- "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
- },
- {
- "ip_hostname": "HTTP connection was made to an IP address rather than domain name"
- },
- {
- "suspicious_request": "http://91.235.129.55/sin.png"
- }
- ]
- },
- {
- "Description": "Performs some HTTP requests",
- "Details": [
- {
- "url": "http://91.235.129.55/sin.png"
- }
- ]
- },
- {
- "Description": "Deletes its original binary from disk",
- "Details": []
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "C:\\Windows\\system32\\cmd.exe /C PowerShell \"Start-Sleep 10; Remove-Item C:\\Users\\user\\AppData\\Local\\Temp\\meaykdxuvtfy.exe\"",
- "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe PowerShell \"Start-Sleep 10; Remove-Item C:\\Users\\user\\AppData\\Local\\Temp\\meaykdxuvtfy.exe\""
- ]
- [*] Mutexes: [
- "Global\\CLR_CASOFF_MUTEX"
- ]
- [*] Modified Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-0000000000-0000000000-0000000000-1000\\00000000-0000-0000-0000-000000000000b_00000000-0000-0000-0000-000000000000",
- "\\Device\\LanmanDatagramReceiver",
- "\\??\\PIPE\\browser",
- "C:\\Windows\\SysWOW64\\%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\Windows PowerShell.lnk",
- "\\??\\PIPE\\srvsvc",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\KFJELMULJZK5TURD81T8.temp",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms"
- ]
- [*] Deleted Files: [
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\KFJELMULJZK5TURD81T8.temp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\meaykdxuvtfy.exe",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.2100.29163328",
- "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2100.29163328",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.2100.29163328"
- ]
- [*] Modified Registry Keys: [
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList"
- ]
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: [
- {
- "count": 1,
- "body": "",
- "uri": "http://91.235.129.55/sin.png",
- "user-agent": "",
- "method": "GET",
- "host": "91.235.129.55",
- "version": "1.1",
- "path": "/sin.png",
- "data": "GET /sin.png HTTP/1.1\r\nConnection: Keep-Alive\r\nHost: 91.235.129.55\r\n\r\n",
- "port": 80
- }
- ]
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DirectDrawCreateEx",
- "address": "0x429008"
- }
- ],
- "dll": "DDRAW.dll"
- },
- {
- "imports": [
- {
- "name": "timeGetTime",
- "address": "0x429220"
- }
- ],
- "dll": "WINMM.dll"
- },
- {
- "imports": [
- {
- "name": "HeapSize",
- "address": "0x429050"
- },
- {
- "name": "IsValidLocale",
- "address": "0x429054"
- },
- {
- "name": "EnumSystemLocalesA",
- "address": "0x429058"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x42905c"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x429060"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x429064"
- },
- {
- "name": "GetTimeFormatA",
- "address": "0x429068"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x42906c"
- },
- {
- "name": "GetStringTypeA",
- "address": "0x429070"
- },
- {
- "name": "LCMapStringW",
- "address": "0x429074"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x429078"
- },
- {
- "name": "SetStdHandle",
- "address": "0x42907c"
- },
- {
- "name": "WriteConsoleA",
- "address": "0x429080"
- },
- {
- "name": "GetConsoleOutputCP",
- "address": "0x429084"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x429088"
- },
- {
- "name": "GetTimeZoneInformation",
- "address": "0x42908c"
- },
- {
- "name": "CreateFileA",
- "address": "0x429090"
- },
- {
- "name": "CloseHandle",
- "address": "0x429094"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x429098"
- },
- {
- "name": "CompareStringA",
- "address": "0x42909c"
- },
- {
- "name": "CompareStringW",
- "address": "0x4290a0"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x4290a4"
- },
- {
- "name": "GetDriveTypeA",
- "address": "0x4290a8"
- },
- {
- "name": "CreateFileMappingW",
- "address": "0x4290ac"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x4290b0"
- },
- {
- "name": "MapViewOfFile",
- "address": "0x4290b4"
- },
- {
- "name": "GetCurrentDirectoryA",
- "address": "0x4290b8"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x4290bc"
- },
- {
- "name": "HeapAlloc",
- "address": "0x4290c0"
- },
- {
- "name": "GetLastError",
- "address": "0x4290c4"
- },
- {
- "name": "HeapFree",
- "address": "0x4290c8"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x4290cc"
- },
- {
- "name": "RaiseException",
- "address": "0x4290d0"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4290d4"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x4290d8"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x4290dc"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4290e0"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x4290e4"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x4290e8"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x4290ec"
- },
- {
- "name": "VirtualFree",
- "address": "0x4290f0"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x4290f4"
- },
- {
- "name": "HeapCreate",
- "address": "0x4290f8"
- },
- {
- "name": "HeapDestroy",
- "address": "0x4290fc"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x429100"
- },
- {
- "name": "Sleep",
- "address": "0x429104"
- },
- {
- "name": "GetProcAddress",
- "address": "0x429108"
- },
- {
- "name": "ExitProcess",
- "address": "0x42910c"
- },
- {
- "name": "WriteFile",
- "address": "0x429110"
- },
- {
- "name": "GetStdHandle",
- "address": "0x429114"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x429118"
- },
- {
- "name": "TerminateProcess",
- "address": "0x42911c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x429120"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x429124"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x429128"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x42912c"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x429130"
- },
- {
- "name": "GetCPInfo",
- "address": "0x429134"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x429138"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x42913c"
- },
- {
- "name": "GetACP",
- "address": "0x429140"
- },
- {
- "name": "GetOEMCP",
- "address": "0x429144"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x429148"
- },
- {
- "name": "TlsGetValue",
- "address": "0x42914c"
- },
- {
- "name": "TlsAlloc",
- "address": "0x429150"
- },
- {
- "name": "TlsSetValue",
- "address": "0x429154"
- },
- {
- "name": "TlsFree",
- "address": "0x429158"
- },
- {
- "name": "SetLastError",
- "address": "0x42915c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x429160"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x429164"
- },
- {
- "name": "FreeEnvironmentStringsA",
- "address": "0x429168"
- },
- {
- "name": "GetEnvironmentStrings",
- "address": "0x42916c"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x429170"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x429174"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x429178"
- },
- {
- "name": "SetHandleCount",
- "address": "0x42917c"
- },
- {
- "name": "GetFileType",
- "address": "0x429180"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x429184"
- },
- {
- "name": "GetTickCount",
- "address": "0x429188"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x42918c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x429190"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x429194"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x429198"
- },
- {
- "name": "FreeLibrary",
- "address": "0x42919c"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x4291a0"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x4291a4"
- },
- {
- "name": "SetFilePointer",
- "address": "0x4291a8"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x4291ac"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x4291b0"
- },
- {
- "name": "LCMapStringA",
- "address": "0x4291b4"
- },
- {
- "name": "SetCurrentDirectoryA",
- "address": "0x4291b8"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "PeekMessageA",
- "address": "0x4291c0"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4291c4"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x4291c8"
- },
- {
- "name": "IntersectRect",
- "address": "0x4291cc"
- },
- {
- "name": "ShowWindow",
- "address": "0x4291d0"
- },
- {
- "name": "UpdateWindow",
- "address": "0x4291d4"
- },
- {
- "name": "LoadIconA",
- "address": "0x4291d8"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4291dc"
- },
- {
- "name": "RegisterClassA",
- "address": "0x4291e0"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x4291e4"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4291e8"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x4291ec"
- },
- {
- "name": "SendMessageA",
- "address": "0x4291f0"
- },
- {
- "name": "GetMessageA",
- "address": "0x4291f4"
- },
- {
- "name": "TranslateMessage",
- "address": "0x4291f8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4291fc"
- },
- {
- "name": "LoadImageA",
- "address": "0x429200"
- },
- {
- "name": "GetDC",
- "address": "0x429204"
- },
- {
- "name": "ReleaseDC",
- "address": "0x429208"
- },
- {
- "name": "GetClientRect",
- "address": "0x42920c"
- },
- {
- "name": "ClientToScreen",
- "address": "0x429210"
- },
- {
- "name": "DrawTextA",
- "address": "0x429214"
- },
- {
- "name": "FillRect",
- "address": "0x429218"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "GetObjectA",
- "address": "0x429010"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x429014"
- },
- {
- "name": "DeleteDC",
- "address": "0x429018"
- },
- {
- "name": "BitBlt",
- "address": "0x42901c"
- },
- {
- "name": "Polyline",
- "address": "0x429020"
- },
- {
- "name": "Ellipse",
- "address": "0x429024"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x429028"
- },
- {
- "name": "CreatePen",
- "address": "0x42902c"
- },
- {
- "name": "SelectObject",
- "address": "0x429030"
- },
- {
- "name": "Rectangle",
- "address": "0x429034"
- },
- {
- "name": "SetBkMode",
- "address": "0x429038"
- },
- {
- "name": "SetTextColor",
- "address": "0x42903c"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x429040"
- },
- {
- "name": "DeleteObject",
- "address": "0x429044"
- },
- {
- "name": "GetStockObject",
- "address": "0x429048"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "CryptAcquireContextA",
- "address": "0x429000"
- }
- ],
- "dll": "ADVAPI32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0003bbf7",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0003bbf7",
- "icon_hash": null,
- "entrypoint": "0x004063ab",
- "timestamp": "2019-06-26 13:58:51",
- "osversion": "5.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00027800",
- "entropy": "6.67",
- "raw_address": "0x00000400",
- "virtual_size": "0x0002763e",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00029000",
- "size_of_data": "0x00011200",
- "entropy": "6.63",
- "raw_address": "0x00027c00",
- "virtual_size": "0x0001103c",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0003b000",
- "size_of_data": "0x00001600",
- "entropy": "3.47",
- "raw_address": "0x00038e00",
- "virtual_size": "0x00003944",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0003f000",
- "size_of_data": "0x00000200",
- "entropy": "5.11",
- "raw_address": "0x0003a400",
- "virtual_size": "0x000001b4",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0003941c",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000008c"
- },
- {
- "virtual_address": "0x0003f000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000001b4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00029270",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000383a8",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00029000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000228"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "346228c03ba22f2de11f5f9fccf1d8b0",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "c:\\Users\\User\\Desktop\\26.6.2019\\sw\\A_Real_Tim3461511112001\\Battle\\Release\\Battle.pdb",
- "imported_dll_count": 6,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "kernel32.dll.FlsAlloc",
- "kernel32.dll.FlsGetValue",
- "kernel32.dll.FlsSetValue",
- "kernel32.dll.FlsFree",
- "kernel32.dll.IsProcessorFeaturePresent",
- "cryptsp.dll.CryptAcquireContextA",
- "kernel32.dll.VirtualAlloc",
- "ntdll.dll.memcpy",
- "advapi32.dll.CryptAcquireContextA",
- "advapi32.dll.CryptImportKey",
- "advapi32.dll.CryptEncrypt",
- "cryptsp.dll.CryptImportKey",
- "cryptbase.dll.SystemFunction040",
- "cryptbase.dll.SystemFunction041",
- "cryptsp.dll.CryptEncrypt",
- "ws2_32.dll.#6",
- "ws2_32.dll.#5",
- "ws2_32.dll.WSARecv",
- "ws2_32.dll.WSASend",
- "rpcrt4.dll.RpcBindingFree",
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "sechost.dll.OpenSCManagerW",
- "sechost.dll.OpenServiceW",
- "sechost.dll.QueryServiceStatus",
- "sechost.dll.CloseServiceHandle",
- "cscapi.dll.CscNetApiGetInterface",
- "netutils.dll.NetApiBufferAllocate",
- "netutils.dll.NetApiBufferFree",
- "ole32.dll.CLSIDFromProgID",
- "ole32.dll.CoCreateInstance",
- "oleaut32.dll.#9",
- "oleaut32.dll.#6",
- "oleaut32.dll.#15",
- "oleaut32.dll.#26",
- "oleaut32.dll.#19",
- "oleaut32.dll.#20",
- "netapi32.dll.DsGetDcNameW",
- "advapi32.dll.LsaOpenPolicy",
- "advapi32.dll.LsaQueryInformationPolicy",
- "advapi32.dll.LsaFreeMemory",
- "advapi32.dll.LsaClose",
- "oleaut32.dll.#16",
- "oleaut32.dll.#500",
- "kernel32.dll.SetThreadUILanguage",
- "kernel32.dll.CopyFileExW",
- "kernel32.dll.IsDebuggerPresent",
- "kernel32.dll.SetConsoleInputExeNameW",
- "kernel32.dll.SortGetHandle",
- "kernel32.dll.SortCloseHandle",
- "shell32.dll.#66",
- "ole32.dll.CoGetApartmentType",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoTaskMemFree",
- "comctl32.dll.#236",
- "ole32.dll.CoTaskMemAlloc",
- "ole32.dll.CoGetMalloc",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CreateBindCtx",
- "comctl32.dll.#320",
- "comctl32.dll.#324",
- "comctl32.dll.#323",
- "advapi32.dll.RegEnumKeyW",
- "oleaut32.dll.#2",
- "advapi32.dll.InitializeSecurityDescriptor",
- "advapi32.dll.SetEntriesInAclW",
- "ntmarta.dll.GetMartaExtensionInterface",
- "advapi32.dll.SetSecurityDescriptorDacl",
- "advapi32.dll.IsTextUnicode",
- "comctl32.dll.#332",
- "comctl32.dll.#338",
- "comctl32.dll.#339",
- "shell32.dll.#102",
- "ole32.dll.CoUninitialize",
- "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
- "apphelp.dll.ApphelpCheckShellObject",
- "setupapi.dll.CM_Get_Device_Interface_List_ExW",
- "comctl32.dll.#386",
- "sechost.dll.ConvertSidToStringSidW",
- "profapi.dll.#104",
- "comctl32.dll.#385",
- "comctl32.dll.#336",
- "comctl32.dll.#321",
- "comctl32.dll.#329",
- "comctl32.dll.#333",
- "ntdll.dll.RtlDllShutdownInProgress",
- "propsys.dll.PSCreateMemoryPropertyStore",
- "linkinfo.dll.CreateLinkInfoW",
- "user32.dll.IsCharAlphaW",
- "user32.dll.CharPrevW",
- "ntshrui.dll.GetNetResourceFromLocalPathW",
- "srvcli.dll.NetShareEnum",
- "slc.dll.SLGetWindowsInformationDWORD",
- "shlwapi.dll.PathRemoveFileSpecW",
- "linkinfo.dll.DestroyLinkInfo",
- "propsys.dll.PropVariantToBoolean",
- "ole32.dll.PropVariantClear",
- "cryptsp.dll.CryptAcquireContextW",
- "cryptsp.dll.CryptGenRandom",
- "cryptsp.dll.CryptReleaseContext",
- "ole32.dll.CoRevokeInitializeSpy",
- "comctl32.dll.#388",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "advapi32.dll.RegEnumKeyExW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "kernel32.dll.QueryActCtxW",
- "shlwapi.dll.UrlIsW",
- "kernel32.dll.InitializeCriticalSectionAndSpinCount",
- "msvcrt.dll._set_error_mode",
- "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
- "kernel32.dll.FindActCtxSectionStringW",
- "kernel32.dll.GetSystemWindowsDirectoryW",
- "mscoree.dll.GetProcessExecutableHeap",
- "mscorwks.dll.DllGetClassObjectInternal",
- "mscorwks.dll.GetCLRFunction",
- "advapi32.dll.RegisterTraceGuidsW",
- "advapi32.dll.UnregisterTraceGuids",
- "advapi32.dll.GetTraceLoggerHandle",
- "advapi32.dll.GetTraceEnableLevel",
- "advapi32.dll.GetTraceEnableFlags",
- "advapi32.dll.TraceEvent",
- "mscoree.dll.IEE",
- "mscorwks.dll.IEE",
- "mscoree.dll.GetStartupFlags",
- "mscoree.dll.GetHostConfigurationFile",
- "mscoree.dll.GetCORSystemDirectory",
- "ntdll.dll.RtlUnwind",
- "kernel32.dll.IsWow64Process",
- "advapi32.dll.AllocateAndInitializeSid",
- "advapi32.dll.OpenProcessToken",
- "advapi32.dll.GetTokenInformation",
- "advapi32.dll.InitializeAcl",
- "advapi32.dll.AddAccessAllowedAce",
- "advapi32.dll.FreeSid",
- "kernel32.dll.SetThreadStackGuarantee",
- "kernel32.dll.AddVectoredContinueHandler",
- "kernel32.dll.RemoveVectoredContinueHandler",
- "advapi32.dll.ConvertSidToStringSidW",
- "shell32.dll.SHGetFolderPathW",
- "kernel32.dll.FlushProcessWriteBuffers",
- "kernel32.dll.GetWriteWatch",
- "kernel32.dll.ResetWriteWatch",
- "kernel32.dll.CreateMemoryResourceNotification",
- "kernel32.dll.QueryMemoryResourceNotification",
- "mscoree.dll._CorExeMain",
- "mscoree.dll._CorImageUnloading",
- "mscoree.dll._CorValidateImage",
- "ole32.dll.CoGetContextToken",
- "oleaut32.dll.#149",
- "kernel32.dll.GetUserDefaultUILanguage",
- "kernel32.dll.GetVersionExW",
- "kernel32.dll.GetFullPathNameW",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.GetFileAttributesExW",
- "version.dll.GetFileVersionInfoSizeW",
- "version.dll.GetFileVersionInfoW",
- "version.dll.VerQueryValueW",
- "kernel32.dll.lstrlen",
- "kernel32.dll.lstrlenW",
- "mscoree.dll.ND_RI2",
- "kernel32.dll.lstrcpy",
- "kernel32.dll.lstrcpyW",
- "version.dll.VerLanguageNameW",
- "kernel32.dll.CloseHandle",
- "kernel32.dll.GetCurrentProcessId",
- "advapi32.dll.LookupPrivilegeValueW",
- "kernel32.dll.GetCurrentProcess",
- "advapi32.dll.AdjustTokenPrivileges",
- "kernel32.dll.OpenProcess",
- "psapi.dll.EnumProcessModules",
- "psapi.dll.GetModuleInformation",
- "psapi.dll.GetModuleBaseNameW",
- "psapi.dll.GetModuleFileNameExW",
- "kernel32.dll.GetExitCodeProcess",
- "ntdll.dll.NtQuerySystemInformation",
- "user32.dll.EnumWindows",
- "user32.dll.GetWindowThreadProcessId",
- "kernel32.dll.WerSetFlags",
- "kernel32.dll.SetThreadPreferredUILanguages",
- "kernel32.dll.GetThreadPreferredUILanguages",
- "kernel32.dll.GetUserDefaultLocaleName",
- "kernel32.dll.GetEnvironmentVariableW",
- "advapi32.dll.CryptReleaseContext",
- "advapi32.dll.CryptCreateHash",
- "advapi32.dll.CryptDestroyHash",
- "advapi32.dll.CryptHashData",
- "advapi32.dll.CryptGetHashParam",
- "advapi32.dll.CryptExportKey",
- "advapi32.dll.CryptGenKey",
- "advapi32.dll.CryptGetKeyParam",
- "advapi32.dll.CryptDestroyKey",
- "advapi32.dll.CryptVerifySignatureA",
- "advapi32.dll.CryptSignHashA",
- "advapi32.dll.CryptGetProvParam",
- "advapi32.dll.CryptGetUserKey",
- "advapi32.dll.CryptEnumProvidersA",
- "cryptsp.dll.CryptExportKey",
- "cryptsp.dll.CryptCreateHash",
- "cryptsp.dll.CryptHashData",
- "cryptsp.dll.CryptGetHashParam",
- "cryptsp.dll.CryptDestroyHash",
- "cryptsp.dll.CryptDestroyKey",
- "mscoree.dll.GetTokenForVTableEntry",
- "mscoree.dll.SetTargetForVTableEntry",
- "mscoree.dll.GetTargetForVTableEntry",
- "culture.dll.ConvertLangIdToCultureName",
- "ole32.dll.CoCreateGuid",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.GetConsoleScreenBufferInfo",
- "kernel32.dll.LocalFree",
- "kernel32.dll.LocalAlloc",
- "mscoree.dll.ND_RI4",
- "advapi32.dll.DuplicateTokenEx",
- "advapi32.dll.CheckTokenMembership",
- "kernel32.dll.GetConsoleTitleW",
- "kernel32.dll.SetConsoleTitleW",
- "kernel32.dll.SetConsoleCtrlHandler",
- "kernel32.dll.CreateEventW",
- "ntdll.dll.WinSqmIsOptedIn",
- "kernel32.dll.ExpandEnvironmentStringsW",
- "shfolder.dll.SHGetFolderPathW",
- "kernel32.dll.SetEnvironmentVariableW",
- "kernel32.dll.GetACP",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.GetFileType",
- "kernel32.dll.ReadFile",
- "kernel32.dll.GetSystemInfo",
- "kernel32.dll.VirtualQuery",
- "kernel32.dll.SwitchToThread",
- "kernel32.dll.GlobalMemoryStatusEx",
- "secur32.dll.GetUserNameExW",
- "advapi32.dll.GetUserNameW",
- "kernel32.dll.ReleaseMutex",
- "advapi32.dll.RegisterEventSourceW",
- "advapi32.dll.DeregisterEventSource",
- "advapi32.dll.ReportEventW",
- "kernel32.dll.GetLogicalDrives",
- "kernel32.dll.GetDriveTypeW",
- "kernel32.dll.GetVolumeInformationW",
- "kernel32.dll.GetCurrentDirectoryW",
- "kernel32.dll.GetLastError",
- "mscorjit.dll.getJit",
- "kernel32.dll.GetStdHandle",
- "kernel32.dll.GetConsoleMode",
- "kernel32.dll.SetEvent",
- "kernel32.dll.FindFirstFileW",
- "kernel32.dll.FindClose",
- "kernel32.dll.FormatMessageW",
- "kernel32.dll.DeleteFileW",
- "mscoree.dll.CorExitProcess",
- "mscorwks.dll.CorExitProcess",
- "mscorwks.dll._CorDllMain",
- "kernel32.dll.CreateActCtxW",
- "kernel32.dll.AddRefActCtx",
- "kernel32.dll.ReleaseActCtx",
- "kernel32.dll.ActivateActCtx",
- "kernel32.dll.DeactivateActCtx",
- "kernel32.dll.GetCurrentActCtx"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "DirectDrawCreateEx",
- "address": "0x429008"
- }
- ],
- "dll": "DDRAW.dll"
- },
- {
- "imports": [
- {
- "name": "timeGetTime",
- "address": "0x429220"
- }
- ],
- "dll": "WINMM.dll"
- },
- {
- "imports": [
- {
- "name": "HeapSize",
- "address": "0x429050"
- },
- {
- "name": "IsValidLocale",
- "address": "0x429054"
- },
- {
- "name": "EnumSystemLocalesA",
- "address": "0x429058"
- },
- {
- "name": "GetLocaleInfoA",
- "address": "0x42905c"
- },
- {
- "name": "GetFullPathNameA",
- "address": "0x429060"
- },
- {
- "name": "GetLocaleInfoW",
- "address": "0x429064"
- },
- {
- "name": "GetTimeFormatA",
- "address": "0x429068"
- },
- {
- "name": "GetStringTypeW",
- "address": "0x42906c"
- },
- {
- "name": "GetStringTypeA",
- "address": "0x429070"
- },
- {
- "name": "LCMapStringW",
- "address": "0x429074"
- },
- {
- "name": "MultiByteToWideChar",
- "address": "0x429078"
- },
- {
- "name": "SetStdHandle",
- "address": "0x42907c"
- },
- {
- "name": "WriteConsoleA",
- "address": "0x429080"
- },
- {
- "name": "GetConsoleOutputCP",
- "address": "0x429084"
- },
- {
- "name": "WriteConsoleW",
- "address": "0x429088"
- },
- {
- "name": "GetTimeZoneInformation",
- "address": "0x42908c"
- },
- {
- "name": "CreateFileA",
- "address": "0x429090"
- },
- {
- "name": "CloseHandle",
- "address": "0x429094"
- },
- {
- "name": "FlushFileBuffers",
- "address": "0x429098"
- },
- {
- "name": "CompareStringA",
- "address": "0x42909c"
- },
- {
- "name": "CompareStringW",
- "address": "0x4290a0"
- },
- {
- "name": "SetEnvironmentVariableA",
- "address": "0x4290a4"
- },
- {
- "name": "GetDriveTypeA",
- "address": "0x4290a8"
- },
- {
- "name": "CreateFileMappingW",
- "address": "0x4290ac"
- },
- {
- "name": "GetDateFormatA",
- "address": "0x4290b0"
- },
- {
- "name": "MapViewOfFile",
- "address": "0x4290b4"
- },
- {
- "name": "GetCurrentDirectoryA",
- "address": "0x4290b8"
- },
- {
- "name": "GetUserDefaultLCID",
- "address": "0x4290bc"
- },
- {
- "name": "HeapAlloc",
- "address": "0x4290c0"
- },
- {
- "name": "GetLastError",
- "address": "0x4290c4"
- },
- {
- "name": "HeapFree",
- "address": "0x4290c8"
- },
- {
- "name": "HeapReAlloc",
- "address": "0x4290cc"
- },
- {
- "name": "RaiseException",
- "address": "0x4290d0"
- },
- {
- "name": "RtlUnwind",
- "address": "0x4290d4"
- },
- {
- "name": "GetCommandLineA",
- "address": "0x4290d8"
- },
- {
- "name": "GetStartupInfoA",
- "address": "0x4290dc"
- },
- {
- "name": "DeleteCriticalSection",
- "address": "0x4290e0"
- },
- {
- "name": "LeaveCriticalSection",
- "address": "0x4290e4"
- },
- {
- "name": "FatalAppExitA",
- "address": "0x4290e8"
- },
- {
- "name": "EnterCriticalSection",
- "address": "0x4290ec"
- },
- {
- "name": "VirtualFree",
- "address": "0x4290f0"
- },
- {
- "name": "VirtualAlloc",
- "address": "0x4290f4"
- },
- {
- "name": "HeapCreate",
- "address": "0x4290f8"
- },
- {
- "name": "HeapDestroy",
- "address": "0x4290fc"
- },
- {
- "name": "GetModuleHandleW",
- "address": "0x429100"
- },
- {
- "name": "Sleep",
- "address": "0x429104"
- },
- {
- "name": "GetProcAddress",
- "address": "0x429108"
- },
- {
- "name": "ExitProcess",
- "address": "0x42910c"
- },
- {
- "name": "WriteFile",
- "address": "0x429110"
- },
- {
- "name": "GetStdHandle",
- "address": "0x429114"
- },
- {
- "name": "GetModuleFileNameA",
- "address": "0x429118"
- },
- {
- "name": "TerminateProcess",
- "address": "0x42911c"
- },
- {
- "name": "GetCurrentProcess",
- "address": "0x429120"
- },
- {
- "name": "UnhandledExceptionFilter",
- "address": "0x429124"
- },
- {
- "name": "SetUnhandledExceptionFilter",
- "address": "0x429128"
- },
- {
- "name": "IsDebuggerPresent",
- "address": "0x42912c"
- },
- {
- "name": "GetModuleHandleA",
- "address": "0x429130"
- },
- {
- "name": "GetCPInfo",
- "address": "0x429134"
- },
- {
- "name": "InterlockedIncrement",
- "address": "0x429138"
- },
- {
- "name": "InterlockedDecrement",
- "address": "0x42913c"
- },
- {
- "name": "GetACP",
- "address": "0x429140"
- },
- {
- "name": "GetOEMCP",
- "address": "0x429144"
- },
- {
- "name": "IsValidCodePage",
- "address": "0x429148"
- },
- {
- "name": "TlsGetValue",
- "address": "0x42914c"
- },
- {
- "name": "TlsAlloc",
- "address": "0x429150"
- },
- {
- "name": "TlsSetValue",
- "address": "0x429154"
- },
- {
- "name": "TlsFree",
- "address": "0x429158"
- },
- {
- "name": "SetLastError",
- "address": "0x42915c"
- },
- {
- "name": "GetCurrentThreadId",
- "address": "0x429160"
- },
- {
- "name": "GetCurrentThread",
- "address": "0x429164"
- },
- {
- "name": "FreeEnvironmentStringsA",
- "address": "0x429168"
- },
- {
- "name": "GetEnvironmentStrings",
- "address": "0x42916c"
- },
- {
- "name": "FreeEnvironmentStringsW",
- "address": "0x429170"
- },
- {
- "name": "WideCharToMultiByte",
- "address": "0x429174"
- },
- {
- "name": "GetEnvironmentStringsW",
- "address": "0x429178"
- },
- {
- "name": "SetHandleCount",
- "address": "0x42917c"
- },
- {
- "name": "GetFileType",
- "address": "0x429180"
- },
- {
- "name": "QueryPerformanceCounter",
- "address": "0x429184"
- },
- {
- "name": "GetTickCount",
- "address": "0x429188"
- },
- {
- "name": "GetCurrentProcessId",
- "address": "0x42918c"
- },
- {
- "name": "GetSystemTimeAsFileTime",
- "address": "0x429190"
- },
- {
- "name": "InitializeCriticalSectionAndSpinCount",
- "address": "0x429194"
- },
- {
- "name": "SetConsoleCtrlHandler",
- "address": "0x429198"
- },
- {
- "name": "FreeLibrary",
- "address": "0x42919c"
- },
- {
- "name": "InterlockedExchange",
- "address": "0x4291a0"
- },
- {
- "name": "LoadLibraryA",
- "address": "0x4291a4"
- },
- {
- "name": "SetFilePointer",
- "address": "0x4291a8"
- },
- {
- "name": "GetConsoleCP",
- "address": "0x4291ac"
- },
- {
- "name": "GetConsoleMode",
- "address": "0x4291b0"
- },
- {
- "name": "LCMapStringA",
- "address": "0x4291b4"
- },
- {
- "name": "SetCurrentDirectoryA",
- "address": "0x4291b8"
- }
- ],
- "dll": "KERNEL32.dll"
- },
- {
- "imports": [
- {
- "name": "PeekMessageA",
- "address": "0x4291c0"
- },
- {
- "name": "PostQuitMessage",
- "address": "0x4291c4"
- },
- {
- "name": "DefWindowProcA",
- "address": "0x4291c8"
- },
- {
- "name": "IntersectRect",
- "address": "0x4291cc"
- },
- {
- "name": "ShowWindow",
- "address": "0x4291d0"
- },
- {
- "name": "UpdateWindow",
- "address": "0x4291d4"
- },
- {
- "name": "LoadIconA",
- "address": "0x4291d8"
- },
- {
- "name": "LoadCursorA",
- "address": "0x4291dc"
- },
- {
- "name": "RegisterClassA",
- "address": "0x4291e0"
- },
- {
- "name": "CreateWindowExA",
- "address": "0x4291e4"
- },
- {
- "name": "GetSystemMetrics",
- "address": "0x4291e8"
- },
- {
- "name": "GetWindowLongA",
- "address": "0x4291ec"
- },
- {
- "name": "SendMessageA",
- "address": "0x4291f0"
- },
- {
- "name": "GetMessageA",
- "address": "0x4291f4"
- },
- {
- "name": "TranslateMessage",
- "address": "0x4291f8"
- },
- {
- "name": "DispatchMessageA",
- "address": "0x4291fc"
- },
- {
- "name": "LoadImageA",
- "address": "0x429200"
- },
- {
- "name": "GetDC",
- "address": "0x429204"
- },
- {
- "name": "ReleaseDC",
- "address": "0x429208"
- },
- {
- "name": "GetClientRect",
- "address": "0x42920c"
- },
- {
- "name": "ClientToScreen",
- "address": "0x429210"
- },
- {
- "name": "DrawTextA",
- "address": "0x429214"
- },
- {
- "name": "FillRect",
- "address": "0x429218"
- }
- ],
- "dll": "USER32.dll"
- },
- {
- "imports": [
- {
- "name": "GetObjectA",
- "address": "0x429010"
- },
- {
- "name": "CreateCompatibleDC",
- "address": "0x429014"
- },
- {
- "name": "DeleteDC",
- "address": "0x429018"
- },
- {
- "name": "BitBlt",
- "address": "0x42901c"
- },
- {
- "name": "Polyline",
- "address": "0x429020"
- },
- {
- "name": "Ellipse",
- "address": "0x429024"
- },
- {
- "name": "CreateBrushIndirect",
- "address": "0x429028"
- },
- {
- "name": "CreatePen",
- "address": "0x42902c"
- },
- {
- "name": "SelectObject",
- "address": "0x429030"
- },
- {
- "name": "Rectangle",
- "address": "0x429034"
- },
- {
- "name": "SetBkMode",
- "address": "0x429038"
- },
- {
- "name": "SetTextColor",
- "address": "0x42903c"
- },
- {
- "name": "CreateSolidBrush",
- "address": "0x429040"
- },
- {
- "name": "DeleteObject",
- "address": "0x429044"
- },
- {
- "name": "GetStockObject",
- "address": "0x429048"
- }
- ],
- "dll": "GDI32.dll"
- },
- {
- "imports": [
- {
- "name": "CryptAcquireContextA",
- "address": "0x429000"
- }
- ],
- "dll": "ADVAPI32.dll"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0003bbf7",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0003bbf7",
- "icon_hash": null,
- "entrypoint": "0x004063ab",
- "timestamp": "2019-06-26 13:58:51",
- "osversion": "5.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x00027800",
- "entropy": "6.67",
- "raw_address": "0x00000400",
- "virtual_size": "0x0002763e",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".rdata",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00029000",
- "size_of_data": "0x00011200",
- "entropy": "6.63",
- "raw_address": "0x00027c00",
- "virtual_size": "0x0001103c",
- "characteristics_raw": "0x40000040"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0003b000",
- "size_of_data": "0x00001600",
- "entropy": "3.47",
- "raw_address": "0x00038e00",
- "virtual_size": "0x00003944",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x0003f000",
- "size_of_data": "0x00000200",
- "entropy": "5.11",
- "raw_address": "0x0003a400",
- "virtual_size": "0x000001b4",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0003941c",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x0000008c"
- },
- {
- "virtual_address": "0x0003f000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x000001b4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00029270",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x0000001c"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x000383a8",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000040"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00029000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x00000228"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "346228c03ba22f2de11f5f9fccf1d8b0",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": "c:\\Users\\User\\Desktop\\26.6.2019\\sw\\A_Real_Tim3461511112001\\Battle\\Release\\Battle.pdb",
- "imported_dll_count": 6,
- "versioninfo": []
- }
- }