paladin316

NanoCore_23bbbacf8c623db1b068e55993ae329f_exe_2019-06-25_16_30.json

Jun 25th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "NanoCore_23bbbacf8c623db1b068e55993ae329f.exe"
  7. [*] File Size: 512512
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "3b6a0eaf0091139360a98bdc8c40753b4fd6d85fd28070918d2f01e34add1415"
  10. [*] MD5: "23bbbacf8c623db1b068e55993ae329f"
  11. [*] SHA1: "a3829070e7bf071da4f9df6cfffda3962923948f"
  12. [*] SHA512: "ccdd64277d0b230bb11974470af6ce93f7ee7371da2c148eccc30f1a77b946d738d171dee7619895fa675c18fc0e1c3009433e07938d2100728755ddae2d8f49"
  13. [*] CRC32: "FAD65474"
  14. [*] SSDEEP: "6144:DYr50WK823ewZWdEU0Fc9X/fPpCkD6wrHUKmCSPlBOzVaUITMsCCIduBFCM7:DO0WKTW0OX/pCkOwrH9cl8zV5rsXF9"
  15.  
  16. [*] Process Execution: [
  17. "NanoCore_23bbbacf8c623db1b068e55993ae329f.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "The binary likely contains encrypted or compressed data.",
  23. "Details": [
  24. {
  25. "section": "name: .rsrc, entropy: 7.43, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0005be00, virtual_size: 0x0005bc58"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "Anomalous .NET characteristics",
  31. "Details": [
  32. {
  33. "anomalous_version": "Assembly version is set to 0"
  34. }
  35. ]
  36. },
  37. {
  38. "Description": "File has been identified by 39 Antiviruses on VirusTotal as malicious",
  39. "Details": [
  40. {
  41. "MicroWorld-eScan": "Gen:Variant.Ursu.479545"
  42. },
  43. {
  44. "McAfee": "RDN/Generic BackDoor"
  45. },
  46. {
  47. "Cylance": "Unsafe"
  48. },
  49. {
  50. "BitDefender": "Gen:Variant.Ursu.479545"
  51. },
  52. {
  53. "Invincea": "heuristic"
  54. },
  55. {
  56. "Symantec": "ML.Attribute.HighConfidence"
  57. },
  58. {
  59. "APEX": "Malicious"
  60. },
  61. {
  62. "Paloalto": "generic.ml"
  63. },
  64. {
  65. "Kaspersky": "HEUR:Trojan.MSIL.Crypt.gen"
  66. },
  67. {
  68. "Alibaba": "Trojan:MSIL/GenKryptik.bfdae5a1"
  69. },
  70. {
  71. "Avast": "Win32:Malware-gen"
  72. },
  73. {
  74. "Ad-Aware": "Gen:Variant.Ursu.479545"
  75. },
  76. {
  77. "Emsisoft": "Gen:Variant.Ursu.479545 (B)"
  78. },
  79. {
  80. "Comodo": "Backdoor.MSIL.Bladabindi.ABC@6b1idd"
  81. },
  82. {
  83. "F-Secure": "Trojan.TR/AD.Nanocore.nbrdv"
  84. },
  85. {
  86. "DrWeb": "Trojan.KillProc.64796"
  87. },
  88. {
  89. "TrendMicro": "BKDR_HPXORSIL.SM"
  90. },
  91. {
  92. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.hh"
  93. },
  94. {
  95. "FireEye": "Generic.mg.23bbbacf8c623db1"
  96. },
  97. {
  98. "Sophos": "Mal/Generic-S"
  99. },
  100. {
  101. "SentinelOne": "DFI - Malicious PE"
  102. },
  103. {
  104. "Cyren": "W32/Trojan.LXAO-5615"
  105. },
  106. {
  107. "Endgame": "malicious (high confidence)"
  108. },
  109. {
  110. "Avira": "TR/AD.Nanocore.nbrdv"
  111. },
  112. {
  113. "Fortinet": "MSIL/GenKryptik.DGKT!tr"
  114. },
  115. {
  116. "Arcabit": "Trojan.Ursu.D75139"
  117. },
  118. {
  119. "AegisLab": "Trojan.Multi.Generic.4!c"
  120. },
  121. {
  122. "ZoneAlarm": "HEUR:Trojan.MSIL.Crypt.gen"
  123. },
  124. {
  125. "ESET-NOD32": "a variant of MSIL/GenKryptik.DGKT"
  126. },
  127. {
  128. "Acronis": "suspicious"
  129. },
  130. {
  131. "VBA32": "TScope.Trojan.MSIL"
  132. },
  133. {
  134. "TrendMicro-HouseCall": "BKDR_HPXORSIL.SM"
  135. },
  136. {
  137. "Rising": "Trojan.GenKryptik!8.AA55 (CLOUD)"
  138. },
  139. {
  140. "Ikarus": "Trojan.Inject"
  141. },
  142. {
  143. "GData": "MSIL.Backdoor.Nancat.I55ETV"
  144. },
  145. {
  146. "AVG": "Win32:Malware-gen"
  147. },
  148. {
  149. "Cybereason": "malicious.0e7bf0"
  150. },
  151. {
  152. "CrowdStrike": "win/malicious_confidence_100% (W)"
  153. },
  154. {
  155. "Qihoo-360": "HEUR/QVM03.0.C789.Malware.Gen"
  156. }
  157. ]
  158. },
  159. {
  160. "Description": "Anomalous binary characteristics",
  161. "Details": [
  162. {
  163. "anomaly": "Actual checksum does not match that reported in PE header"
  164. }
  165. ]
  166. }
  167. ]
  168.  
  169. [*] Started Service: []
  170.  
  171. [*] Executed Commands: []
  172.  
  173. [*] Mutexes: []
  174.  
  175. [*] Modified Files: []
  176.  
  177. [*] Deleted Files: []
  178.  
  179. [*] Modified Registry Keys: []
  180.  
  181. [*] Deleted Registry Keys: []
  182.  
  183. [*] DNS Communications: []
  184.  
  185. [*] Domains: []
  186.  
  187. [*] Network Communication - ICMP: []
  188.  
  189. [*] Network Communication - HTTP: []
  190.  
  191. [*] Network Communication - SMTP: []
  192.  
  193. [*] Network Communication - Hosts: []
  194.  
  195. [*] Network Communication - IRC: []
  196.  
  197. [*] Static Analysis: {
  198. "dotnet": {
  199. "customattrs": [],
  200. "assemblyinfo": {
  201. "version": "0.0.0.0",
  202. "name": "pqRZuKxmOlcSJLDyma"
  203. },
  204. "assemblyrefs": [
  205. {
  206. "version": "4.0.0.0",
  207. "name": "mscorlib"
  208. },
  209. {
  210. "version": "4.0.0.0",
  211. "name": "System"
  212. },
  213. {
  214. "version": "4.0.0.0",
  215. "name": "System.Web"
  216. },
  217. {
  218. "version": "2.0.0.0",
  219. "name": "Serilog"
  220. }
  221. ],
  222. "typerefs": [
  223. {
  224. "typename": "Serilog.Core.ILogEventSink",
  225. "assembly": "Serilog"
  226. },
  227. {
  228. "typename": "Serilog.Debugging.SelfLog",
  229. "assembly": "Serilog"
  230. },
  231. {
  232. "typename": "Serilog.Events.LogEvent",
  233. "assembly": "Serilog"
  234. },
  235. {
  236. "typename": "System.Collections.Generic.Queue`1",
  237. "assembly": "System"
  238. },
  239. {
  240. "typename": "System.Net.Cookie",
  241. "assembly": "System"
  242. },
  243. {
  244. "typename": "System.Web.HttpServerUtility",
  245. "assembly": "System.Web"
  246. },
  247. {
  248. "typename": "System.ArgumentNullException",
  249. "assembly": "mscorlib"
  250. },
  251. {
  252. "typename": "System.ArgumentOutOfRangeException",
  253. "assembly": "mscorlib"
  254. },
  255. {
  256. "typename": "System.Collections.Concurrent.ConcurrentQueue`1",
  257. "assembly": "mscorlib"
  258. },
  259. {
  260. "typename": "System.Collections.Generic.IEnumerable`1",
  261. "assembly": "mscorlib"
  262. },
  263. {
  264. "typename": "System.Diagnostics.DebuggableAttribute",
  265. "assembly": "mscorlib"
  266. },
  267. {
  268. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  269. "assembly": "mscorlib"
  270. },
  271. {
  272. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  273. "assembly": "mscorlib"
  274. },
  275. {
  276. "typename": "System.Exception",
  277. "assembly": "mscorlib"
  278. },
  279. {
  280. "typename": "System.Func`1",
  281. "assembly": "mscorlib"
  282. },
  283. {
  284. "typename": "System.Func`2",
  285. "assembly": "mscorlib"
  286. },
  287. {
  288. "typename": "System.IDisposable",
  289. "assembly": "mscorlib"
  290. },
  291. {
  292. "typename": "System.Math",
  293. "assembly": "mscorlib"
  294. },
  295. {
  296. "typename": "System.Object",
  297. "assembly": "mscorlib"
  298. },
  299. {
  300. "typename": "System.ObjectDisposedException",
  301. "assembly": "mscorlib"
  302. },
  303. {
  304. "typename": "System.OperationCanceledException",
  305. "assembly": "mscorlib"
  306. },
  307. {
  308. "typename": "System.Reflection.Assembly",
  309. "assembly": "mscorlib"
  310. },
  311. {
  312. "typename": "System.Reflection.MethodBase",
  313. "assembly": "mscorlib"
  314. },
  315. {
  316. "typename": "System.Reflection.MethodInfo",
  317. "assembly": "mscorlib"
  318. },
  319. {
  320. "typename": "System.Runtime.CompilerServices.AsyncStateMachineAttribute",
  321. "assembly": "mscorlib"
  322. },
  323. {
  324. "typename": "System.Runtime.CompilerServices.AsyncTaskMethodBuilder",
  325. "assembly": "mscorlib"
  326. },
  327. {
  328. "typename": "System.Runtime.CompilerServices.AsyncVoidMethodBuilder",
  329. "assembly": "mscorlib"
  330. },
  331. {
  332. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  333. "assembly": "mscorlib"
  334. },
  335. {
  336. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  337. "assembly": "mscorlib"
  338. },
  339. {
  340. "typename": "System.Runtime.CompilerServices.IAsyncStateMachine",
  341. "assembly": "mscorlib"
  342. },
  343. {
  344. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  345. "assembly": "mscorlib"
  346. },
  347. {
  348. "typename": "System.Runtime.CompilerServices.TaskAwaiter",
  349. "assembly": "mscorlib"
  350. },
  351. {
  352. "typename": "System.Threading.CancellationToken",
  353. "assembly": "mscorlib"
  354. },
  355. {
  356. "typename": "System.Threading.CancellationTokenSource",
  357. "assembly": "mscorlib"
  358. },
  359. {
  360. "typename": "System.Threading.Interlocked",
  361. "assembly": "mscorlib"
  362. },
  363. {
  364. "typename": "System.Threading.Monitor",
  365. "assembly": "mscorlib"
  366. },
  367. {
  368. "typename": "System.Threading.SynchronizationContext",
  369. "assembly": "mscorlib"
  370. },
  371. {
  372. "typename": "System.Threading.Tasks.Task",
  373. "assembly": "mscorlib"
  374. },
  375. {
  376. "typename": "System.Threading.Timeout",
  377. "assembly": "mscorlib"
  378. },
  379. {
  380. "typename": "System.Threading.Timer",
  381. "assembly": "mscorlib"
  382. },
  383. {
  384. "typename": "System.Threading.TimerCallback",
  385. "assembly": "mscorlib"
  386. },
  387. {
  388. "typename": "System.TimeSpan",
  389. "assembly": "mscorlib"
  390. },
  391. {
  392. "typename": "System.Type",
  393. "assembly": "mscorlib"
  394. },
  395. {
  396. "typename": "System.ValueType",
  397. "assembly": "mscorlib"
  398. }
  399. ]
  400. },
  401. "pe": {
  402. "peid_signatures": null,
  403. "imports": [
  404. {
  405. "imports": [
  406. {
  407. "name": "_CorExeMain",
  408. "address": "0x402000"
  409. }
  410. ],
  411. "dll": "mscoree.dll"
  412. }
  413. ],
  414. "digital_signers": null,
  415. "exported_dll_name": null,
  416. "actual_checksum": "0x00082fb7",
  417. "overlay": {
  418. "size": "0x00019000",
  419. "offset": "0x00064200"
  420. },
  421. "imagebase": "0x00400000",
  422. "reported_checksum": "0x0006d6ee",
  423. "icon_hash": null,
  424. "entrypoint": "0x00409e8e",
  425. "timestamp": "2019-05-04 16:27:36",
  426. "osversion": "4.0",
  427. "sections": [
  428. {
  429. "name": ".text",
  430. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  431. "virtual_address": "0x00002000",
  432. "size_of_data": "0x00008000",
  433. "entropy": "4.67",
  434. "raw_address": "0x00000200",
  435. "virtual_size": "0x00007e94",
  436. "characteristics_raw": "0x60000020"
  437. },
  438. {
  439. "name": ".rsrc",
  440. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  441. "virtual_address": "0x0000a000",
  442. "size_of_data": "0x0005be00",
  443. "entropy": "7.43",
  444. "raw_address": "0x00008200",
  445. "virtual_size": "0x0005bc58",
  446. "characteristics_raw": "0x40000040"
  447. },
  448. {
  449. "name": ".reloc",
  450. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  451. "virtual_address": "0x00066000",
  452. "size_of_data": "0x00000200",
  453. "entropy": "0.08",
  454. "raw_address": "0x00064000",
  455. "virtual_size": "0x0000000c",
  456. "characteristics_raw": "0x42000040"
  457. }
  458. ],
  459. "resources": [],
  460. "dirents": [
  461. {
  462. "virtual_address": "0x00000000",
  463. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  464. "size": "0x00000000"
  465. },
  466. {
  467. "virtual_address": "0x00009e3c",
  468. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  469. "size": "0x0000004f"
  470. },
  471. {
  472. "virtual_address": "0x0000a000",
  473. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  474. "size": "0x0005bc58"
  475. },
  476. {
  477. "virtual_address": "0x00000000",
  478. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  479. "size": "0x00000000"
  480. },
  481. {
  482. "virtual_address": "0x00000000",
  483. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  484. "size": "0x00000000"
  485. },
  486. {
  487. "virtual_address": "0x00066000",
  488. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  489. "size": "0x0000000c"
  490. },
  491. {
  492. "virtual_address": "0x00009db8",
  493. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  494. "size": "0x0000001c"
  495. },
  496. {
  497. "virtual_address": "0x00000000",
  498. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  499. "size": "0x00000000"
  500. },
  501. {
  502. "virtual_address": "0x00000000",
  503. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  504. "size": "0x00000000"
  505. },
  506. {
  507. "virtual_address": "0x00000000",
  508. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  509. "size": "0x00000000"
  510. },
  511. {
  512. "virtual_address": "0x00000000",
  513. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  514. "size": "0x00000000"
  515. },
  516. {
  517. "virtual_address": "0x00000000",
  518. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  519. "size": "0x00000000"
  520. },
  521. {
  522. "virtual_address": "0x00002000",
  523. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  524. "size": "0x00000008"
  525. },
  526. {
  527. "virtual_address": "0x00000000",
  528. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  529. "size": "0x00000000"
  530. },
  531. {
  532. "virtual_address": "0x00002008",
  533. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  534. "size": "0x00000048"
  535. },
  536. {
  537. "virtual_address": "0x00000000",
  538. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  539. "size": "0x00000000"
  540. }
  541. ],
  542. "exports": [],
  543. "guest_signers": {},
  544. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  545. "icon_fuzzy": null,
  546. "icon": null,
  547. "pdbpath": "C:\\xampp\\htdocs\\Aspire\\files\\fantazyx_pqRZuKxmOlcSJLDy\\pqRZuKxmOlcSJLDyma.pdb",
  548. "imported_dll_count": 1,
  549. "versioninfo": []
  550. }
  551. }
  552.  
  553. [*] Resolved APIs: [
  554. "advapi32.dll.RegOpenKeyExW",
  555. "advapi32.dll.RegQueryInfoKeyW",
  556. "advapi32.dll.RegEnumKeyExW",
  557. "advapi32.dll.RegEnumValueW",
  558. "advapi32.dll.RegCloseKey",
  559. "advapi32.dll.RegQueryValueExW",
  560. "kernel32.dll.QueryActCtxW",
  561. "shlwapi.dll.UrlIsW"
  562. ]
  563.  
  564. [*] Static Analysis: {
  565. "dotnet": {
  566. "customattrs": [],
  567. "assemblyinfo": {
  568. "version": "0.0.0.0",
  569. "name": "pqRZuKxmOlcSJLDyma"
  570. },
  571. "assemblyrefs": [
  572. {
  573. "version": "4.0.0.0",
  574. "name": "mscorlib"
  575. },
  576. {
  577. "version": "4.0.0.0",
  578. "name": "System"
  579. },
  580. {
  581. "version": "4.0.0.0",
  582. "name": "System.Web"
  583. },
  584. {
  585. "version": "2.0.0.0",
  586. "name": "Serilog"
  587. }
  588. ],
  589. "typerefs": [
  590. {
  591. "typename": "Serilog.Core.ILogEventSink",
  592. "assembly": "Serilog"
  593. },
  594. {
  595. "typename": "Serilog.Debugging.SelfLog",
  596. "assembly": "Serilog"
  597. },
  598. {
  599. "typename": "Serilog.Events.LogEvent",
  600. "assembly": "Serilog"
  601. },
  602. {
  603. "typename": "System.Collections.Generic.Queue`1",
  604. "assembly": "System"
  605. },
  606. {
  607. "typename": "System.Net.Cookie",
  608. "assembly": "System"
  609. },
  610. {
  611. "typename": "System.Web.HttpServerUtility",
  612. "assembly": "System.Web"
  613. },
  614. {
  615. "typename": "System.ArgumentNullException",
  616. "assembly": "mscorlib"
  617. },
  618. {
  619. "typename": "System.ArgumentOutOfRangeException",
  620. "assembly": "mscorlib"
  621. },
  622. {
  623. "typename": "System.Collections.Concurrent.ConcurrentQueue`1",
  624. "assembly": "mscorlib"
  625. },
  626. {
  627. "typename": "System.Collections.Generic.IEnumerable`1",
  628. "assembly": "mscorlib"
  629. },
  630. {
  631. "typename": "System.Diagnostics.DebuggableAttribute",
  632. "assembly": "mscorlib"
  633. },
  634. {
  635. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  636. "assembly": "mscorlib"
  637. },
  638. {
  639. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  640. "assembly": "mscorlib"
  641. },
  642. {
  643. "typename": "System.Exception",
  644. "assembly": "mscorlib"
  645. },
  646. {
  647. "typename": "System.Func`1",
  648. "assembly": "mscorlib"
  649. },
  650. {
  651. "typename": "System.Func`2",
  652. "assembly": "mscorlib"
  653. },
  654. {
  655. "typename": "System.IDisposable",
  656. "assembly": "mscorlib"
  657. },
  658. {
  659. "typename": "System.Math",
  660. "assembly": "mscorlib"
  661. },
  662. {
  663. "typename": "System.Object",
  664. "assembly": "mscorlib"
  665. },
  666. {
  667. "typename": "System.ObjectDisposedException",
  668. "assembly": "mscorlib"
  669. },
  670. {
  671. "typename": "System.OperationCanceledException",
  672. "assembly": "mscorlib"
  673. },
  674. {
  675. "typename": "System.Reflection.Assembly",
  676. "assembly": "mscorlib"
  677. },
  678. {
  679. "typename": "System.Reflection.MethodBase",
  680. "assembly": "mscorlib"
  681. },
  682. {
  683. "typename": "System.Reflection.MethodInfo",
  684. "assembly": "mscorlib"
  685. },
  686. {
  687. "typename": "System.Runtime.CompilerServices.AsyncStateMachineAttribute",
  688. "assembly": "mscorlib"
  689. },
  690. {
  691. "typename": "System.Runtime.CompilerServices.AsyncTaskMethodBuilder",
  692. "assembly": "mscorlib"
  693. },
  694. {
  695. "typename": "System.Runtime.CompilerServices.AsyncVoidMethodBuilder",
  696. "assembly": "mscorlib"
  697. },
  698. {
  699. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  700. "assembly": "mscorlib"
  701. },
  702. {
  703. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  704. "assembly": "mscorlib"
  705. },
  706. {
  707. "typename": "System.Runtime.CompilerServices.IAsyncStateMachine",
  708. "assembly": "mscorlib"
  709. },
  710. {
  711. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  712. "assembly": "mscorlib"
  713. },
  714. {
  715. "typename": "System.Runtime.CompilerServices.TaskAwaiter",
  716. "assembly": "mscorlib"
  717. },
  718. {
  719. "typename": "System.Threading.CancellationToken",
  720. "assembly": "mscorlib"
  721. },
  722. {
  723. "typename": "System.Threading.CancellationTokenSource",
  724. "assembly": "mscorlib"
  725. },
  726. {
  727. "typename": "System.Threading.Interlocked",
  728. "assembly": "mscorlib"
  729. },
  730. {
  731. "typename": "System.Threading.Monitor",
  732. "assembly": "mscorlib"
  733. },
  734. {
  735. "typename": "System.Threading.SynchronizationContext",
  736. "assembly": "mscorlib"
  737. },
  738. {
  739. "typename": "System.Threading.Tasks.Task",
  740. "assembly": "mscorlib"
  741. },
  742. {
  743. "typename": "System.Threading.Timeout",
  744. "assembly": "mscorlib"
  745. },
  746. {
  747. "typename": "System.Threading.Timer",
  748. "assembly": "mscorlib"
  749. },
  750. {
  751. "typename": "System.Threading.TimerCallback",
  752. "assembly": "mscorlib"
  753. },
  754. {
  755. "typename": "System.TimeSpan",
  756. "assembly": "mscorlib"
  757. },
  758. {
  759. "typename": "System.Type",
  760. "assembly": "mscorlib"
  761. },
  762. {
  763. "typename": "System.ValueType",
  764. "assembly": "mscorlib"
  765. }
  766. ]
  767. },
  768. "pe": {
  769. "peid_signatures": null,
  770. "imports": [
  771. {
  772. "imports": [
  773. {
  774. "name": "_CorExeMain",
  775. "address": "0x402000"
  776. }
  777. ],
  778. "dll": "mscoree.dll"
  779. }
  780. ],
  781. "digital_signers": null,
  782. "exported_dll_name": null,
  783. "actual_checksum": "0x00082fb7",
  784. "overlay": {
  785. "size": "0x00019000",
  786. "offset": "0x00064200"
  787. },
  788. "imagebase": "0x00400000",
  789. "reported_checksum": "0x0006d6ee",
  790. "icon_hash": null,
  791. "entrypoint": "0x00409e8e",
  792. "timestamp": "2019-05-04 16:27:36",
  793. "osversion": "4.0",
  794. "sections": [
  795. {
  796. "name": ".text",
  797. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  798. "virtual_address": "0x00002000",
  799. "size_of_data": "0x00008000",
  800. "entropy": "4.67",
  801. "raw_address": "0x00000200",
  802. "virtual_size": "0x00007e94",
  803. "characteristics_raw": "0x60000020"
  804. },
  805. {
  806. "name": ".rsrc",
  807. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  808. "virtual_address": "0x0000a000",
  809. "size_of_data": "0x0005be00",
  810. "entropy": "7.43",
  811. "raw_address": "0x00008200",
  812. "virtual_size": "0x0005bc58",
  813. "characteristics_raw": "0x40000040"
  814. },
  815. {
  816. "name": ".reloc",
  817. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  818. "virtual_address": "0x00066000",
  819. "size_of_data": "0x00000200",
  820. "entropy": "0.08",
  821. "raw_address": "0x00064000",
  822. "virtual_size": "0x0000000c",
  823. "characteristics_raw": "0x42000040"
  824. }
  825. ],
  826. "resources": [],
  827. "dirents": [
  828. {
  829. "virtual_address": "0x00000000",
  830. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  831. "size": "0x00000000"
  832. },
  833. {
  834. "virtual_address": "0x00009e3c",
  835. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  836. "size": "0x0000004f"
  837. },
  838. {
  839. "virtual_address": "0x0000a000",
  840. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  841. "size": "0x0005bc58"
  842. },
  843. {
  844. "virtual_address": "0x00000000",
  845. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  846. "size": "0x00000000"
  847. },
  848. {
  849. "virtual_address": "0x00000000",
  850. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  851. "size": "0x00000000"
  852. },
  853. {
  854. "virtual_address": "0x00066000",
  855. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  856. "size": "0x0000000c"
  857. },
  858. {
  859. "virtual_address": "0x00009db8",
  860. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  861. "size": "0x0000001c"
  862. },
  863. {
  864. "virtual_address": "0x00000000",
  865. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  866. "size": "0x00000000"
  867. },
  868. {
  869. "virtual_address": "0x00000000",
  870. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  871. "size": "0x00000000"
  872. },
  873. {
  874. "virtual_address": "0x00000000",
  875. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  876. "size": "0x00000000"
  877. },
  878. {
  879. "virtual_address": "0x00000000",
  880. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  881. "size": "0x00000000"
  882. },
  883. {
  884. "virtual_address": "0x00000000",
  885. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  886. "size": "0x00000000"
  887. },
  888. {
  889. "virtual_address": "0x00002000",
  890. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  891. "size": "0x00000008"
  892. },
  893. {
  894. "virtual_address": "0x00000000",
  895. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  896. "size": "0x00000000"
  897. },
  898. {
  899. "virtual_address": "0x00002008",
  900. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  901. "size": "0x00000048"
  902. },
  903. {
  904. "virtual_address": "0x00000000",
  905. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  906. "size": "0x00000000"
  907. }
  908. ],
  909. "exports": [],
  910. "guest_signers": {},
  911. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  912. "icon_fuzzy": null,
  913. "icon": null,
  914. "pdbpath": "C:\\xampp\\htdocs\\Aspire\\files\\fantazyx_pqRZuKxmOlcSJLDy\\pqRZuKxmOlcSJLDyma.pdb",
  915. "imported_dll_count": 1,
  916. "versioninfo": []
  917. }
  918. }