paladin316

Exes_4df42f60aef40d2a336b5dac35709f51_exe.json

Jun 20th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_4df42f60aef40d2a336b5dac35709f51.exe"
  7. [*] File Size: 350009
  8. [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive"
  9. [*] SHA256: "21e74380e39fc76ba1286f95a255b0fa6f30fb0f95111cd6569dcb9c5367603b"
  10. [*] MD5: "4df42f60aef40d2a336b5dac35709f51"
  11. [*] SHA1: "d57dc86a11353290a08afd11d0bda21a52921424"
  12. [*] SHA512: "12d4ceb94244aa7f1aaa52ca627269c46f39e70c8305733b12770d9b709b410b44d546bae1309da87f18db6f96744105240e00be8bc59a800a2567481987969d"
  13. [*] CRC32: "CB78074C"
  14. [*] SSDEEP: "6144:n5DBRjG+8tVcfyNzXT/N8NBCYTKSZuz0hmBdf7UhpiMHKzKHkBvD9148H:tB9+tmf6T/ODTKFymBdAQ4KzKHkBJH"
  15.  
  16. [*] Process Execution: [
  17. "Exes_4df42f60aef40d2a336b5dac35709f51.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Reads data out of its own binary image",
  27. "Details": [
  28. {
  29. "self_read": "process: Exes_4df42f60aef40d2a336b5dac35709f51.exe, pid: 3204, offset: 0x00000000, length: 0x00055735"
  30. },
  31. {
  32. "self_read": "process: Exes_4df42f60aef40d2a336b5dac35709f51.exe, pid: 3204, offset: 0x0000901c, length: 0x0004c71d"
  33. }
  34. ]
  35. },
  36. {
  37. "Description": "Performs some HTTP requests",
  38. "Details": [
  39. {
  40. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  41. },
  42. {
  43. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  44. },
  45. {
  46. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  47. }
  48. ]
  49. },
  50. {
  51. "Description": "Installs itself for autorun at Windows startup",
  52. "Details": [
  53. {
  54. "file": "C:\\Windows\\win.ini"
  55. },
  56. {
  57. "file": "C:\\Windows\\win.ini"
  58. }
  59. ]
  60. },
  61. {
  62. "Description": "File has been identified by 12 Antiviruses on VirusTotal as malicious",
  63. "Details": [
  64. {
  65. "Bkav": "HW32.Packed."
  66. },
  67. {
  68. "FireEye": "Generic.mg.4df42f60aef40d2a"
  69. },
  70. {
  71. "APEX": "Malicious"
  72. },
  73. {
  74. "Kaspersky": "HEUR:Trojan.Win32.BypassUAC.gen"
  75. },
  76. {
  77. "Invincea": "heuristic"
  78. },
  79. {
  80. "McAfee-GW-Edition": "BehavesLike.Win32.Ransom.fc"
  81. },
  82. {
  83. "Endgame": "malicious (moderate confidence)"
  84. },
  85. {
  86. "ZoneAlarm": "HEUR:Trojan.Win32.BypassUAC.gen"
  87. },
  88. {
  89. "GData": "Win32.Trojan-Stealer.FormBook.8P2Q8I"
  90. },
  91. {
  92. "Cybereason": "malicious.a11353"
  93. },
  94. {
  95. "CrowdStrike": "win/malicious_confidence_80% (W)"
  96. },
  97. {
  98. "Qihoo-360": "Win32/Trojan.986"
  99. }
  100. ]
  101. }
  102. ]
  103.  
  104. [*] Started Service: []
  105.  
  106. [*] Executed Commands: []
  107.  
  108. [*] Mutexes: [
  109. "OpenMetaverseInstaller"
  110. ]
  111.  
  112. [*] Modified Files: [
  113. "C:\\Users\\user\\AppData\\Local\\Temp\\nsg2E9.tmp",
  114. "C:\\Users\\user\\AppData\\Local\\Temp\\WelcomeDialogContent.json",
  115. "C:\\Users\\user\\AppData\\Local\\Temp\\SelectAStarControl_Experiment.xbf",
  116. "C:\\Users\\user\\AppData\\Local\\Temp\\CameraSymbols.ttf",
  117. "C:\\Users\\user\\AppData\\Local\\Temp\\Burhel",
  118. "C:\\Users\\user\\AppData\\Local\\Temp\\tanna.dll",
  119. "C:\\Users\\user\\AppData\\Local\\Temp\\nsg338.tmp\\System.dll",
  120. "C:\\Users\\user\\AppData\\Local\\Temp\\nsg338.tmp\\Splash.dll",
  121. "C:\\Windows\\win.ini"
  122. ]
  123.  
  124. [*] Deleted Files: [
  125. "C:\\Users\\user\\AppData\\Local\\Temp\\nsb2C9.tmp",
  126. "C:\\Users\\user\\AppData\\Local\\Temp\\nsg338.tmp"
  127. ]
  128.  
  129. [*] Modified Registry Keys: []
  130.  
  131. [*] Deleted Registry Keys: []
  132.  
  133. [*] DNS Communications: []
  134.  
  135. [*] Domains: []
  136.  
  137. [*] Network Communication - ICMP: []
  138.  
  139. [*] Network Communication - HTTP: [
  140. {
  141. "count": 1,
  142. "body": "",
  143. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  144. "user-agent": "Microsoft-CryptoAPI/6.1",
  145. "method": "GET",
  146. "host": "ocsp.digicert.com",
  147. "version": "1.1",
  148. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  149. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  150. "port": 80
  151. },
  152. {
  153. "count": 1,
  154. "body": "",
  155. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  156. "user-agent": "Microsoft-CryptoAPI/6.1",
  157. "method": "GET",
  158. "host": "ocsp.digicert.com",
  159. "version": "1.1",
  160. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  161. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  162. "port": 80
  163. },
  164. {
  165. "count": 1,
  166. "body": "",
  167. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  168. "user-agent": "Microsoft-CryptoAPI/6.1",
  169. "method": "GET",
  170. "host": "ocsp.digicert.com",
  171. "version": "1.1",
  172. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  173. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  174. "port": 80
  175. }
  176. ]
  177.  
  178. [*] Network Communication - SMTP: []
  179.  
  180. [*] Network Communication - Hosts: []
  181.  
  182. [*] Network Communication - IRC: []
  183.  
  184. [*] Static Analysis: {
  185. "pe": {
  186. "peid_signatures": null,
  187. "imports": [
  188. {
  189. "imports": [
  190. {
  191. "name": "SetEnvironmentVariableA",
  192. "address": "0x408070"
  193. },
  194. {
  195. "name": "CreateFileA",
  196. "address": "0x408074"
  197. },
  198. {
  199. "name": "GetFileSize",
  200. "address": "0x408078"
  201. },
  202. {
  203. "name": "GetModuleFileNameA",
  204. "address": "0x40807c"
  205. },
  206. {
  207. "name": "ReadFile",
  208. "address": "0x408080"
  209. },
  210. {
  211. "name": "GetCurrentProcess",
  212. "address": "0x408084"
  213. },
  214. {
  215. "name": "CopyFileA",
  216. "address": "0x408088"
  217. },
  218. {
  219. "name": "Sleep",
  220. "address": "0x40808c"
  221. },
  222. {
  223. "name": "GetTickCount",
  224. "address": "0x408090"
  225. },
  226. {
  227. "name": "GetWindowsDirectoryA",
  228. "address": "0x408094"
  229. },
  230. {
  231. "name": "GetTempPathA",
  232. "address": "0x408098"
  233. },
  234. {
  235. "name": "GetCommandLineA",
  236. "address": "0x40809c"
  237. },
  238. {
  239. "name": "lstrlenA",
  240. "address": "0x4080a0"
  241. },
  242. {
  243. "name": "GetVersion",
  244. "address": "0x4080a4"
  245. },
  246. {
  247. "name": "SetErrorMode",
  248. "address": "0x4080a8"
  249. },
  250. {
  251. "name": "lstrcpynA",
  252. "address": "0x4080ac"
  253. },
  254. {
  255. "name": "ExitProcess",
  256. "address": "0x4080b0"
  257. },
  258. {
  259. "name": "SetCurrentDirectoryA",
  260. "address": "0x4080b4"
  261. },
  262. {
  263. "name": "GlobalLock",
  264. "address": "0x4080b8"
  265. },
  266. {
  267. "name": "CreateThread",
  268. "address": "0x4080bc"
  269. },
  270. {
  271. "name": "GetLastError",
  272. "address": "0x4080c0"
  273. },
  274. {
  275. "name": "CreateDirectoryA",
  276. "address": "0x4080c4"
  277. },
  278. {
  279. "name": "CreateProcessA",
  280. "address": "0x4080c8"
  281. },
  282. {
  283. "name": "RemoveDirectoryA",
  284. "address": "0x4080cc"
  285. },
  286. {
  287. "name": "GetTempFileNameA",
  288. "address": "0x4080d0"
  289. },
  290. {
  291. "name": "WriteFile",
  292. "address": "0x4080d4"
  293. },
  294. {
  295. "name": "lstrcpyA",
  296. "address": "0x4080d8"
  297. },
  298. {
  299. "name": "MoveFileExA",
  300. "address": "0x4080dc"
  301. },
  302. {
  303. "name": "lstrcatA",
  304. "address": "0x4080e0"
  305. },
  306. {
  307. "name": "GetSystemDirectoryA",
  308. "address": "0x4080e4"
  309. },
  310. {
  311. "name": "GetProcAddress",
  312. "address": "0x4080e8"
  313. },
  314. {
  315. "name": "GetExitCodeProcess",
  316. "address": "0x4080ec"
  317. },
  318. {
  319. "name": "WaitForSingleObject",
  320. "address": "0x4080f0"
  321. },
  322. {
  323. "name": "CompareFileTime",
  324. "address": "0x4080f4"
  325. },
  326. {
  327. "name": "SetFileAttributesA",
  328. "address": "0x4080f8"
  329. },
  330. {
  331. "name": "GetFileAttributesA",
  332. "address": "0x4080fc"
  333. },
  334. {
  335. "name": "GetShortPathNameA",
  336. "address": "0x408100"
  337. },
  338. {
  339. "name": "MoveFileA",
  340. "address": "0x408104"
  341. },
  342. {
  343. "name": "GetFullPathNameA",
  344. "address": "0x408108"
  345. },
  346. {
  347. "name": "SetFileTime",
  348. "address": "0x40810c"
  349. },
  350. {
  351. "name": "SearchPathA",
  352. "address": "0x408110"
  353. },
  354. {
  355. "name": "CloseHandle",
  356. "address": "0x408114"
  357. },
  358. {
  359. "name": "lstrcmpiA",
  360. "address": "0x408118"
  361. },
  362. {
  363. "name": "GlobalUnlock",
  364. "address": "0x40811c"
  365. },
  366. {
  367. "name": "GetDiskFreeSpaceA",
  368. "address": "0x408120"
  369. },
  370. {
  371. "name": "lstrcmpA",
  372. "address": "0x408124"
  373. },
  374. {
  375. "name": "FindFirstFileA",
  376. "address": "0x408128"
  377. },
  378. {
  379. "name": "FindNextFileA",
  380. "address": "0x40812c"
  381. },
  382. {
  383. "name": "DeleteFileA",
  384. "address": "0x408130"
  385. },
  386. {
  387. "name": "SetFilePointer",
  388. "address": "0x408134"
  389. },
  390. {
  391. "name": "GetPrivateProfileStringA",
  392. "address": "0x408138"
  393. },
  394. {
  395. "name": "FindClose",
  396. "address": "0x40813c"
  397. },
  398. {
  399. "name": "MultiByteToWideChar",
  400. "address": "0x408140"
  401. },
  402. {
  403. "name": "FreeLibrary",
  404. "address": "0x408144"
  405. },
  406. {
  407. "name": "MulDiv",
  408. "address": "0x408148"
  409. },
  410. {
  411. "name": "WritePrivateProfileStringA",
  412. "address": "0x40814c"
  413. },
  414. {
  415. "name": "LoadLibraryExA",
  416. "address": "0x408150"
  417. },
  418. {
  419. "name": "GetModuleHandleA",
  420. "address": "0x408154"
  421. },
  422. {
  423. "name": "GlobalAlloc",
  424. "address": "0x408158"
  425. },
  426. {
  427. "name": "GlobalFree",
  428. "address": "0x40815c"
  429. },
  430. {
  431. "name": "ExpandEnvironmentStringsA",
  432. "address": "0x408160"
  433. }
  434. ],
  435. "dll": "KERNEL32.dll"
  436. },
  437. {
  438. "imports": [
  439. {
  440. "name": "ScreenToClient",
  441. "address": "0x408184"
  442. },
  443. {
  444. "name": "GetSystemMenu",
  445. "address": "0x408188"
  446. },
  447. {
  448. "name": "SetClassLongA",
  449. "address": "0x40818c"
  450. },
  451. {
  452. "name": "IsWindowEnabled",
  453. "address": "0x408190"
  454. },
  455. {
  456. "name": "SetWindowPos",
  457. "address": "0x408194"
  458. },
  459. {
  460. "name": "GetSysColor",
  461. "address": "0x408198"
  462. },
  463. {
  464. "name": "GetWindowLongA",
  465. "address": "0x40819c"
  466. },
  467. {
  468. "name": "SetCursor",
  469. "address": "0x4081a0"
  470. },
  471. {
  472. "name": "LoadCursorA",
  473. "address": "0x4081a4"
  474. },
  475. {
  476. "name": "CheckDlgButton",
  477. "address": "0x4081a8"
  478. },
  479. {
  480. "name": "GetMessagePos",
  481. "address": "0x4081ac"
  482. },
  483. {
  484. "name": "LoadBitmapA",
  485. "address": "0x4081b0"
  486. },
  487. {
  488. "name": "CallWindowProcA",
  489. "address": "0x4081b4"
  490. },
  491. {
  492. "name": "IsWindowVisible",
  493. "address": "0x4081b8"
  494. },
  495. {
  496. "name": "CloseClipboard",
  497. "address": "0x4081bc"
  498. },
  499. {
  500. "name": "SetClipboardData",
  501. "address": "0x4081c0"
  502. },
  503. {
  504. "name": "EmptyClipboard",
  505. "address": "0x4081c4"
  506. },
  507. {
  508. "name": "PostQuitMessage",
  509. "address": "0x4081c8"
  510. },
  511. {
  512. "name": "GetWindowRect",
  513. "address": "0x4081cc"
  514. },
  515. {
  516. "name": "EnableMenuItem",
  517. "address": "0x4081d0"
  518. },
  519. {
  520. "name": "CreatePopupMenu",
  521. "address": "0x4081d4"
  522. },
  523. {
  524. "name": "GetSystemMetrics",
  525. "address": "0x4081d8"
  526. },
  527. {
  528. "name": "SetDlgItemTextA",
  529. "address": "0x4081dc"
  530. },
  531. {
  532. "name": "GetDlgItemTextA",
  533. "address": "0x4081e0"
  534. },
  535. {
  536. "name": "MessageBoxIndirectA",
  537. "address": "0x4081e4"
  538. },
  539. {
  540. "name": "CharPrevA",
  541. "address": "0x4081e8"
  542. },
  543. {
  544. "name": "DispatchMessageA",
  545. "address": "0x4081ec"
  546. },
  547. {
  548. "name": "PeekMessageA",
  549. "address": "0x4081f0"
  550. },
  551. {
  552. "name": "ReleaseDC",
  553. "address": "0x4081f4"
  554. },
  555. {
  556. "name": "EnableWindow",
  557. "address": "0x4081f8"
  558. },
  559. {
  560. "name": "InvalidateRect",
  561. "address": "0x4081fc"
  562. },
  563. {
  564. "name": "SendMessageA",
  565. "address": "0x408200"
  566. },
  567. {
  568. "name": "DefWindowProcA",
  569. "address": "0x408204"
  570. },
  571. {
  572. "name": "BeginPaint",
  573. "address": "0x408208"
  574. },
  575. {
  576. "name": "GetClientRect",
  577. "address": "0x40820c"
  578. },
  579. {
  580. "name": "FillRect",
  581. "address": "0x408210"
  582. },
  583. {
  584. "name": "DrawTextA",
  585. "address": "0x408214"
  586. },
  587. {
  588. "name": "EndDialog",
  589. "address": "0x408218"
  590. },
  591. {
  592. "name": "RegisterClassA",
  593. "address": "0x40821c"
  594. },
  595. {
  596. "name": "SystemParametersInfoA",
  597. "address": "0x408220"
  598. },
  599. {
  600. "name": "CreateWindowExA",
  601. "address": "0x408224"
  602. },
  603. {
  604. "name": "GetClassInfoA",
  605. "address": "0x408228"
  606. },
  607. {
  608. "name": "DialogBoxParamA",
  609. "address": "0x40822c"
  610. },
  611. {
  612. "name": "CharNextA",
  613. "address": "0x408230"
  614. },
  615. {
  616. "name": "ExitWindowsEx",
  617. "address": "0x408234"
  618. },
  619. {
  620. "name": "GetDC",
  621. "address": "0x408238"
  622. },
  623. {
  624. "name": "CreateDialogParamA",
  625. "address": "0x40823c"
  626. },
  627. {
  628. "name": "SetTimer",
  629. "address": "0x408240"
  630. },
  631. {
  632. "name": "GetDlgItem",
  633. "address": "0x408244"
  634. },
  635. {
  636. "name": "SetWindowLongA",
  637. "address": "0x408248"
  638. },
  639. {
  640. "name": "SetForegroundWindow",
  641. "address": "0x40824c"
  642. },
  643. {
  644. "name": "LoadImageA",
  645. "address": "0x408250"
  646. },
  647. {
  648. "name": "IsWindow",
  649. "address": "0x408254"
  650. },
  651. {
  652. "name": "SendMessageTimeoutA",
  653. "address": "0x408258"
  654. },
  655. {
  656. "name": "FindWindowExA",
  657. "address": "0x40825c"
  658. },
  659. {
  660. "name": "OpenClipboard",
  661. "address": "0x408260"
  662. },
  663. {
  664. "name": "TrackPopupMenu",
  665. "address": "0x408264"
  666. },
  667. {
  668. "name": "AppendMenuA",
  669. "address": "0x408268"
  670. },
  671. {
  672. "name": "EndPaint",
  673. "address": "0x40826c"
  674. },
  675. {
  676. "name": "DestroyWindow",
  677. "address": "0x408270"
  678. },
  679. {
  680. "name": "wsprintfA",
  681. "address": "0x408274"
  682. },
  683. {
  684. "name": "ShowWindow",
  685. "address": "0x408278"
  686. },
  687. {
  688. "name": "SetWindowTextA",
  689. "address": "0x40827c"
  690. }
  691. ],
  692. "dll": "USER32.dll"
  693. },
  694. {
  695. "imports": [
  696. {
  697. "name": "SelectObject",
  698. "address": "0x40804c"
  699. },
  700. {
  701. "name": "SetBkMode",
  702. "address": "0x408050"
  703. },
  704. {
  705. "name": "CreateFontIndirectA",
  706. "address": "0x408054"
  707. },
  708. {
  709. "name": "SetTextColor",
  710. "address": "0x408058"
  711. },
  712. {
  713. "name": "DeleteObject",
  714. "address": "0x40805c"
  715. },
  716. {
  717. "name": "GetDeviceCaps",
  718. "address": "0x408060"
  719. },
  720. {
  721. "name": "CreateBrushIndirect",
  722. "address": "0x408064"
  723. },
  724. {
  725. "name": "SetBkColor",
  726. "address": "0x408068"
  727. }
  728. ],
  729. "dll": "GDI32.dll"
  730. },
  731. {
  732. "imports": [
  733. {
  734. "name": "SHGetSpecialFolderLocation",
  735. "address": "0x408168"
  736. },
  737. {
  738. "name": "ShellExecuteExA",
  739. "address": "0x40816c"
  740. },
  741. {
  742. "name": "SHGetPathFromIDListA",
  743. "address": "0x408170"
  744. },
  745. {
  746. "name": "SHBrowseForFolderA",
  747. "address": "0x408174"
  748. },
  749. {
  750. "name": "SHGetFileInfoA",
  751. "address": "0x408178"
  752. },
  753. {
  754. "name": "SHFileOperationA",
  755. "address": "0x40817c"
  756. }
  757. ],
  758. "dll": "SHELL32.dll"
  759. },
  760. {
  761. "imports": [
  762. {
  763. "name": "AdjustTokenPrivileges",
  764. "address": "0x408000"
  765. },
  766. {
  767. "name": "RegCreateKeyExA",
  768. "address": "0x408004"
  769. },
  770. {
  771. "name": "RegOpenKeyExA",
  772. "address": "0x408008"
  773. },
  774. {
  775. "name": "SetFileSecurityA",
  776. "address": "0x40800c"
  777. },
  778. {
  779. "name": "OpenProcessToken",
  780. "address": "0x408010"
  781. },
  782. {
  783. "name": "LookupPrivilegeValueA",
  784. "address": "0x408014"
  785. },
  786. {
  787. "name": "RegEnumValueA",
  788. "address": "0x408018"
  789. },
  790. {
  791. "name": "RegDeleteKeyA",
  792. "address": "0x40801c"
  793. },
  794. {
  795. "name": "RegDeleteValueA",
  796. "address": "0x408020"
  797. },
  798. {
  799. "name": "RegCloseKey",
  800. "address": "0x408024"
  801. },
  802. {
  803. "name": "RegSetValueExA",
  804. "address": "0x408028"
  805. },
  806. {
  807. "name": "RegQueryValueExA",
  808. "address": "0x40802c"
  809. },
  810. {
  811. "name": "RegEnumKeyA",
  812. "address": "0x408030"
  813. }
  814. ],
  815. "dll": "ADVAPI32.dll"
  816. },
  817. {
  818. "imports": [
  819. {
  820. "name": "ImageList_Create",
  821. "address": "0x408038"
  822. },
  823. {
  824. "name": "ImageList_AddMasked",
  825. "address": "0x40803c"
  826. },
  827. {
  828. "name": "ImageList_Destroy",
  829. "address": "0x408040"
  830. },
  831. {
  832. "name": null,
  833. "address": "0x408044"
  834. }
  835. ],
  836. "dll": "COMCTL32.dll"
  837. },
  838. {
  839. "imports": [
  840. {
  841. "name": "OleUninitialize",
  842. "address": "0x408284"
  843. },
  844. {
  845. "name": "OleInitialize",
  846. "address": "0x408288"
  847. },
  848. {
  849. "name": "CoTaskMemFree",
  850. "address": "0x40828c"
  851. },
  852. {
  853. "name": "CoCreateInstance",
  854. "address": "0x408290"
  855. }
  856. ],
  857. "dll": "ole32.dll"
  858. }
  859. ],
  860. "digital_signers": null,
  861. "exported_dll_name": null,
  862. "actual_checksum": "0x0005c180",
  863. "overlay": {
  864. "size": "0x0004c739",
  865. "offset": "0x00009000"
  866. },
  867. "imagebase": "0x00400000",
  868. "reported_checksum": "0x00000000",
  869. "icon_hash": null,
  870. "entrypoint": "0x00403328",
  871. "timestamp": "2018-12-15 22:24:32",
  872. "osversion": "4.0",
  873. "sections": [
  874. {
  875. "name": ".text",
  876. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  877. "virtual_address": "0x00001000",
  878. "size_of_data": "0x00006200",
  879. "entropy": "6.40",
  880. "raw_address": "0x00000400",
  881. "virtual_size": "0x00006077",
  882. "characteristics_raw": "0x60000020"
  883. },
  884. {
  885. "name": ".rdata",
  886. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  887. "virtual_address": "0x00008000",
  888. "size_of_data": "0x00001400",
  889. "entropy": "5.04",
  890. "raw_address": "0x00006600",
  891. "virtual_size": "0x00001250",
  892. "characteristics_raw": "0x40000040"
  893. },
  894. {
  895. "name": ".data",
  896. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  897. "virtual_address": "0x0000a000",
  898. "size_of_data": "0x00000400",
  899. "entropy": "5.22",
  900. "raw_address": "0x00007a00",
  901. "virtual_size": "0x0001a838",
  902. "characteristics_raw": "0xc0000040"
  903. },
  904. {
  905. "name": ".ndata",
  906. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  907. "virtual_address": "0x00025000",
  908. "size_of_data": "0x00000000",
  909. "entropy": "0.00",
  910. "raw_address": "0x00000000",
  911. "virtual_size": "0x00008000",
  912. "characteristics_raw": "0xc0000080"
  913. },
  914. {
  915. "name": ".rsrc",
  916. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  917. "virtual_address": "0x0002d000",
  918. "size_of_data": "0x00001200",
  919. "entropy": "4.36",
  920. "raw_address": "0x00007e00",
  921. "virtual_size": "0x000010e8",
  922. "characteristics_raw": "0x40000040"
  923. }
  924. ],
  925. "resources": [],
  926. "dirents": [
  927. {
  928. "virtual_address": "0x00000000",
  929. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  930. "size": "0x00000000"
  931. },
  932. {
  933. "virtual_address": "0x00008430",
  934. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  935. "size": "0x000000a0"
  936. },
  937. {
  938. "virtual_address": "0x0002d000",
  939. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  940. "size": "0x000010e8"
  941. },
  942. {
  943. "virtual_address": "0x00000000",
  944. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  945. "size": "0x00000000"
  946. },
  947. {
  948. "virtual_address": "0x00000000",
  949. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  950. "size": "0x00000000"
  951. },
  952. {
  953. "virtual_address": "0x00000000",
  954. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  955. "size": "0x00000000"
  956. },
  957. {
  958. "virtual_address": "0x00000000",
  959. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  960. "size": "0x00000000"
  961. },
  962. {
  963. "virtual_address": "0x00000000",
  964. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  965. "size": "0x00000000"
  966. },
  967. {
  968. "virtual_address": "0x00000000",
  969. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  970. "size": "0x00000000"
  971. },
  972. {
  973. "virtual_address": "0x00000000",
  974. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  975. "size": "0x00000000"
  976. },
  977. {
  978. "virtual_address": "0x00000000",
  979. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  980. "size": "0x00000000"
  981. },
  982. {
  983. "virtual_address": "0x00000000",
  984. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  985. "size": "0x00000000"
  986. },
  987. {
  988. "virtual_address": "0x00008000",
  989. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  990. "size": "0x00000298"
  991. },
  992. {
  993. "virtual_address": "0x00000000",
  994. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  995. "size": "0x00000000"
  996. },
  997. {
  998. "virtual_address": "0x00000000",
  999. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1000. "size": "0x00000000"
  1001. },
  1002. {
  1003. "virtual_address": "0x00000000",
  1004. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1005. "size": "0x00000000"
  1006. }
  1007. ],
  1008. "exports": [],
  1009. "guest_signers": {},
  1010. "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
  1011. "icon_fuzzy": null,
  1012. "icon": null,
  1013. "pdbpath": null,
  1014. "imported_dll_count": 7,
  1015. "versioninfo": []
  1016. }
  1017. }
  1018.  
  1019. [*] Resolved APIs: [
  1020. "version.dll.GetFileVersionInfoA",
  1021. "shfolder.dll.SHGetFolderPathA",
  1022. "shlwapi.dll.#437",
  1023. "cryptbase.dll.SystemFunction036",
  1024. "uxtheme.dll.ThemeInitApiHook",
  1025. "user32.dll.IsProcessDPIAware",
  1026. "setupapi.dll.CM_Get_Device_Interface_List_Size_ExW",
  1027. "setupapi.dll.CM_Get_Device_Interface_List_ExW",
  1028. "comctl32.dll.#386",
  1029. "kernel32.dll.GetUserDefaultUILanguage",
  1030. "shell32.dll.#680",
  1031. "system.dll.Alloc",
  1032. "system.dll.Call",
  1033. "splash.dll.show",
  1034. "kernel32.dll.CreateMutexA",
  1035. "tanna.dll.q",
  1036. "kernel32.dll.VirtualAlloc",
  1037. "kernel32.dll.CloseHandle",
  1038. "kernel32.dll.GetFileSize",
  1039. "kernel32.dll.GlobalAlloc",
  1040. "kernel32.dll.ReadFile",
  1041. "kernel32.dll.CreateFileA",
  1042. "kernel32.dll.LoadLibraryA",
  1043. "user32.dll.MessageBoxA",
  1044. "user32.dll.SetWindowPos",
  1045. "advapi32.dll.CryptDecrypt",
  1046. "kernel32.dll.GetSystemDirectoryA",
  1047. "kernel32.dll.SwitchToThread",
  1048. "kernel32.dll.WriteProfileStringA",
  1049. "kernel32.dll.SetThreadPriorityBoost",
  1050. "kernel32.dll.GetCurrentProcessId",
  1051. "kernel32.dll.WaitCommEvent",
  1052. "kernel32.dll.HeapCompact",
  1053. "cryptsp.dll.CryptDecrypt"
  1054. ]
  1055.  
  1056. [*] Static Analysis: {
  1057. "pe": {
  1058. "peid_signatures": null,
  1059. "imports": [
  1060. {
  1061. "imports": [
  1062. {
  1063. "name": "SetEnvironmentVariableA",
  1064. "address": "0x408070"
  1065. },
  1066. {
  1067. "name": "CreateFileA",
  1068. "address": "0x408074"
  1069. },
  1070. {
  1071. "name": "GetFileSize",
  1072. "address": "0x408078"
  1073. },
  1074. {
  1075. "name": "GetModuleFileNameA",
  1076. "address": "0x40807c"
  1077. },
  1078. {
  1079. "name": "ReadFile",
  1080. "address": "0x408080"
  1081. },
  1082. {
  1083. "name": "GetCurrentProcess",
  1084. "address": "0x408084"
  1085. },
  1086. {
  1087. "name": "CopyFileA",
  1088. "address": "0x408088"
  1089. },
  1090. {
  1091. "name": "Sleep",
  1092. "address": "0x40808c"
  1093. },
  1094. {
  1095. "name": "GetTickCount",
  1096. "address": "0x408090"
  1097. },
  1098. {
  1099. "name": "GetWindowsDirectoryA",
  1100. "address": "0x408094"
  1101. },
  1102. {
  1103. "name": "GetTempPathA",
  1104. "address": "0x408098"
  1105. },
  1106. {
  1107. "name": "GetCommandLineA",
  1108. "address": "0x40809c"
  1109. },
  1110. {
  1111. "name": "lstrlenA",
  1112. "address": "0x4080a0"
  1113. },
  1114. {
  1115. "name": "GetVersion",
  1116. "address": "0x4080a4"
  1117. },
  1118. {
  1119. "name": "SetErrorMode",
  1120. "address": "0x4080a8"
  1121. },
  1122. {
  1123. "name": "lstrcpynA",
  1124. "address": "0x4080ac"
  1125. },
  1126. {
  1127. "name": "ExitProcess",
  1128. "address": "0x4080b0"
  1129. },
  1130. {
  1131. "name": "SetCurrentDirectoryA",
  1132. "address": "0x4080b4"
  1133. },
  1134. {
  1135. "name": "GlobalLock",
  1136. "address": "0x4080b8"
  1137. },
  1138. {
  1139. "name": "CreateThread",
  1140. "address": "0x4080bc"
  1141. },
  1142. {
  1143. "name": "GetLastError",
  1144. "address": "0x4080c0"
  1145. },
  1146. {
  1147. "name": "CreateDirectoryA",
  1148. "address": "0x4080c4"
  1149. },
  1150. {
  1151. "name": "CreateProcessA",
  1152. "address": "0x4080c8"
  1153. },
  1154. {
  1155. "name": "RemoveDirectoryA",
  1156. "address": "0x4080cc"
  1157. },
  1158. {
  1159. "name": "GetTempFileNameA",
  1160. "address": "0x4080d0"
  1161. },
  1162. {
  1163. "name": "WriteFile",
  1164. "address": "0x4080d4"
  1165. },
  1166. {
  1167. "name": "lstrcpyA",
  1168. "address": "0x4080d8"
  1169. },
  1170. {
  1171. "name": "MoveFileExA",
  1172. "address": "0x4080dc"
  1173. },
  1174. {
  1175. "name": "lstrcatA",
  1176. "address": "0x4080e0"
  1177. },
  1178. {
  1179. "name": "GetSystemDirectoryA",
  1180. "address": "0x4080e4"
  1181. },
  1182. {
  1183. "name": "GetProcAddress",
  1184. "address": "0x4080e8"
  1185. },
  1186. {
  1187. "name": "GetExitCodeProcess",
  1188. "address": "0x4080ec"
  1189. },
  1190. {
  1191. "name": "WaitForSingleObject",
  1192. "address": "0x4080f0"
  1193. },
  1194. {
  1195. "name": "CompareFileTime",
  1196. "address": "0x4080f4"
  1197. },
  1198. {
  1199. "name": "SetFileAttributesA",
  1200. "address": "0x4080f8"
  1201. },
  1202. {
  1203. "name": "GetFileAttributesA",
  1204. "address": "0x4080fc"
  1205. },
  1206. {
  1207. "name": "GetShortPathNameA",
  1208. "address": "0x408100"
  1209. },
  1210. {
  1211. "name": "MoveFileA",
  1212. "address": "0x408104"
  1213. },
  1214. {
  1215. "name": "GetFullPathNameA",
  1216. "address": "0x408108"
  1217. },
  1218. {
  1219. "name": "SetFileTime",
  1220. "address": "0x40810c"
  1221. },
  1222. {
  1223. "name": "SearchPathA",
  1224. "address": "0x408110"
  1225. },
  1226. {
  1227. "name": "CloseHandle",
  1228. "address": "0x408114"
  1229. },
  1230. {
  1231. "name": "lstrcmpiA",
  1232. "address": "0x408118"
  1233. },
  1234. {
  1235. "name": "GlobalUnlock",
  1236. "address": "0x40811c"
  1237. },
  1238. {
  1239. "name": "GetDiskFreeSpaceA",
  1240. "address": "0x408120"
  1241. },
  1242. {
  1243. "name": "lstrcmpA",
  1244. "address": "0x408124"
  1245. },
  1246. {
  1247. "name": "FindFirstFileA",
  1248. "address": "0x408128"
  1249. },
  1250. {
  1251. "name": "FindNextFileA",
  1252. "address": "0x40812c"
  1253. },
  1254. {
  1255. "name": "DeleteFileA",
  1256. "address": "0x408130"
  1257. },
  1258. {
  1259. "name": "SetFilePointer",
  1260. "address": "0x408134"
  1261. },
  1262. {
  1263. "name": "GetPrivateProfileStringA",
  1264. "address": "0x408138"
  1265. },
  1266. {
  1267. "name": "FindClose",
  1268. "address": "0x40813c"
  1269. },
  1270. {
  1271. "name": "MultiByteToWideChar",
  1272. "address": "0x408140"
  1273. },
  1274. {
  1275. "name": "FreeLibrary",
  1276. "address": "0x408144"
  1277. },
  1278. {
  1279. "name": "MulDiv",
  1280. "address": "0x408148"
  1281. },
  1282. {
  1283. "name": "WritePrivateProfileStringA",
  1284. "address": "0x40814c"
  1285. },
  1286. {
  1287. "name": "LoadLibraryExA",
  1288. "address": "0x408150"
  1289. },
  1290. {
  1291. "name": "GetModuleHandleA",
  1292. "address": "0x408154"
  1293. },
  1294. {
  1295. "name": "GlobalAlloc",
  1296. "address": "0x408158"
  1297. },
  1298. {
  1299. "name": "GlobalFree",
  1300. "address": "0x40815c"
  1301. },
  1302. {
  1303. "name": "ExpandEnvironmentStringsA",
  1304. "address": "0x408160"
  1305. }
  1306. ],
  1307. "dll": "KERNEL32.dll"
  1308. },
  1309. {
  1310. "imports": [
  1311. {
  1312. "name": "ScreenToClient",
  1313. "address": "0x408184"
  1314. },
  1315. {
  1316. "name": "GetSystemMenu",
  1317. "address": "0x408188"
  1318. },
  1319. {
  1320. "name": "SetClassLongA",
  1321. "address": "0x40818c"
  1322. },
  1323. {
  1324. "name": "IsWindowEnabled",
  1325. "address": "0x408190"
  1326. },
  1327. {
  1328. "name": "SetWindowPos",
  1329. "address": "0x408194"
  1330. },
  1331. {
  1332. "name": "GetSysColor",
  1333. "address": "0x408198"
  1334. },
  1335. {
  1336. "name": "GetWindowLongA",
  1337. "address": "0x40819c"
  1338. },
  1339. {
  1340. "name": "SetCursor",
  1341. "address": "0x4081a0"
  1342. },
  1343. {
  1344. "name": "LoadCursorA",
  1345. "address": "0x4081a4"
  1346. },
  1347. {
  1348. "name": "CheckDlgButton",
  1349. "address": "0x4081a8"
  1350. },
  1351. {
  1352. "name": "GetMessagePos",
  1353. "address": "0x4081ac"
  1354. },
  1355. {
  1356. "name": "LoadBitmapA",
  1357. "address": "0x4081b0"
  1358. },
  1359. {
  1360. "name": "CallWindowProcA",
  1361. "address": "0x4081b4"
  1362. },
  1363. {
  1364. "name": "IsWindowVisible",
  1365. "address": "0x4081b8"
  1366. },
  1367. {
  1368. "name": "CloseClipboard",
  1369. "address": "0x4081bc"
  1370. },
  1371. {
  1372. "name": "SetClipboardData",
  1373. "address": "0x4081c0"
  1374. },
  1375. {
  1376. "name": "EmptyClipboard",
  1377. "address": "0x4081c4"
  1378. },
  1379. {
  1380. "name": "PostQuitMessage",
  1381. "address": "0x4081c8"
  1382. },
  1383. {
  1384. "name": "GetWindowRect",
  1385. "address": "0x4081cc"
  1386. },
  1387. {
  1388. "name": "EnableMenuItem",
  1389. "address": "0x4081d0"
  1390. },
  1391. {
  1392. "name": "CreatePopupMenu",
  1393. "address": "0x4081d4"
  1394. },
  1395. {
  1396. "name": "GetSystemMetrics",
  1397. "address": "0x4081d8"
  1398. },
  1399. {
  1400. "name": "SetDlgItemTextA",
  1401. "address": "0x4081dc"
  1402. },
  1403. {
  1404. "name": "GetDlgItemTextA",
  1405. "address": "0x4081e0"
  1406. },
  1407. {
  1408. "name": "MessageBoxIndirectA",
  1409. "address": "0x4081e4"
  1410. },
  1411. {
  1412. "name": "CharPrevA",
  1413. "address": "0x4081e8"
  1414. },
  1415. {
  1416. "name": "DispatchMessageA",
  1417. "address": "0x4081ec"
  1418. },
  1419. {
  1420. "name": "PeekMessageA",
  1421. "address": "0x4081f0"
  1422. },
  1423. {
  1424. "name": "ReleaseDC",
  1425. "address": "0x4081f4"
  1426. },
  1427. {
  1428. "name": "EnableWindow",
  1429. "address": "0x4081f8"
  1430. },
  1431. {
  1432. "name": "InvalidateRect",
  1433. "address": "0x4081fc"
  1434. },
  1435. {
  1436. "name": "SendMessageA",
  1437. "address": "0x408200"
  1438. },
  1439. {
  1440. "name": "DefWindowProcA",
  1441. "address": "0x408204"
  1442. },
  1443. {
  1444. "name": "BeginPaint",
  1445. "address": "0x408208"
  1446. },
  1447. {
  1448. "name": "GetClientRect",
  1449. "address": "0x40820c"
  1450. },
  1451. {
  1452. "name": "FillRect",
  1453. "address": "0x408210"
  1454. },
  1455. {
  1456. "name": "DrawTextA",
  1457. "address": "0x408214"
  1458. },
  1459. {
  1460. "name": "EndDialog",
  1461. "address": "0x408218"
  1462. },
  1463. {
  1464. "name": "RegisterClassA",
  1465. "address": "0x40821c"
  1466. },
  1467. {
  1468. "name": "SystemParametersInfoA",
  1469. "address": "0x408220"
  1470. },
  1471. {
  1472. "name": "CreateWindowExA",
  1473. "address": "0x408224"
  1474. },
  1475. {
  1476. "name": "GetClassInfoA",
  1477. "address": "0x408228"
  1478. },
  1479. {
  1480. "name": "DialogBoxParamA",
  1481. "address": "0x40822c"
  1482. },
  1483. {
  1484. "name": "CharNextA",
  1485. "address": "0x408230"
  1486. },
  1487. {
  1488. "name": "ExitWindowsEx",
  1489. "address": "0x408234"
  1490. },
  1491. {
  1492. "name": "GetDC",
  1493. "address": "0x408238"
  1494. },
  1495. {
  1496. "name": "CreateDialogParamA",
  1497. "address": "0x40823c"
  1498. },
  1499. {
  1500. "name": "SetTimer",
  1501. "address": "0x408240"
  1502. },
  1503. {
  1504. "name": "GetDlgItem",
  1505. "address": "0x408244"
  1506. },
  1507. {
  1508. "name": "SetWindowLongA",
  1509. "address": "0x408248"
  1510. },
  1511. {
  1512. "name": "SetForegroundWindow",
  1513. "address": "0x40824c"
  1514. },
  1515. {
  1516. "name": "LoadImageA",
  1517. "address": "0x408250"
  1518. },
  1519. {
  1520. "name": "IsWindow",
  1521. "address": "0x408254"
  1522. },
  1523. {
  1524. "name": "SendMessageTimeoutA",
  1525. "address": "0x408258"
  1526. },
  1527. {
  1528. "name": "FindWindowExA",
  1529. "address": "0x40825c"
  1530. },
  1531. {
  1532. "name": "OpenClipboard",
  1533. "address": "0x408260"
  1534. },
  1535. {
  1536. "name": "TrackPopupMenu",
  1537. "address": "0x408264"
  1538. },
  1539. {
  1540. "name": "AppendMenuA",
  1541. "address": "0x408268"
  1542. },
  1543. {
  1544. "name": "EndPaint",
  1545. "address": "0x40826c"
  1546. },
  1547. {
  1548. "name": "DestroyWindow",
  1549. "address": "0x408270"
  1550. },
  1551. {
  1552. "name": "wsprintfA",
  1553. "address": "0x408274"
  1554. },
  1555. {
  1556. "name": "ShowWindow",
  1557. "address": "0x408278"
  1558. },
  1559. {
  1560. "name": "SetWindowTextA",
  1561. "address": "0x40827c"
  1562. }
  1563. ],
  1564. "dll": "USER32.dll"
  1565. },
  1566. {
  1567. "imports": [
  1568. {
  1569. "name": "SelectObject",
  1570. "address": "0x40804c"
  1571. },
  1572. {
  1573. "name": "SetBkMode",
  1574. "address": "0x408050"
  1575. },
  1576. {
  1577. "name": "CreateFontIndirectA",
  1578. "address": "0x408054"
  1579. },
  1580. {
  1581. "name": "SetTextColor",
  1582. "address": "0x408058"
  1583. },
  1584. {
  1585. "name": "DeleteObject",
  1586. "address": "0x40805c"
  1587. },
  1588. {
  1589. "name": "GetDeviceCaps",
  1590. "address": "0x408060"
  1591. },
  1592. {
  1593. "name": "CreateBrushIndirect",
  1594. "address": "0x408064"
  1595. },
  1596. {
  1597. "name": "SetBkColor",
  1598. "address": "0x408068"
  1599. }
  1600. ],
  1601. "dll": "GDI32.dll"
  1602. },
  1603. {
  1604. "imports": [
  1605. {
  1606. "name": "SHGetSpecialFolderLocation",
  1607. "address": "0x408168"
  1608. },
  1609. {
  1610. "name": "ShellExecuteExA",
  1611. "address": "0x40816c"
  1612. },
  1613. {
  1614. "name": "SHGetPathFromIDListA",
  1615. "address": "0x408170"
  1616. },
  1617. {
  1618. "name": "SHBrowseForFolderA",
  1619. "address": "0x408174"
  1620. },
  1621. {
  1622. "name": "SHGetFileInfoA",
  1623. "address": "0x408178"
  1624. },
  1625. {
  1626. "name": "SHFileOperationA",
  1627. "address": "0x40817c"
  1628. }
  1629. ],
  1630. "dll": "SHELL32.dll"
  1631. },
  1632. {
  1633. "imports": [
  1634. {
  1635. "name": "AdjustTokenPrivileges",
  1636. "address": "0x408000"
  1637. },
  1638. {
  1639. "name": "RegCreateKeyExA",
  1640. "address": "0x408004"
  1641. },
  1642. {
  1643. "name": "RegOpenKeyExA",
  1644. "address": "0x408008"
  1645. },
  1646. {
  1647. "name": "SetFileSecurityA",
  1648. "address": "0x40800c"
  1649. },
  1650. {
  1651. "name": "OpenProcessToken",
  1652. "address": "0x408010"
  1653. },
  1654. {
  1655. "name": "LookupPrivilegeValueA",
  1656. "address": "0x408014"
  1657. },
  1658. {
  1659. "name": "RegEnumValueA",
  1660. "address": "0x408018"
  1661. },
  1662. {
  1663. "name": "RegDeleteKeyA",
  1664. "address": "0x40801c"
  1665. },
  1666. {
  1667. "name": "RegDeleteValueA",
  1668. "address": "0x408020"
  1669. },
  1670. {
  1671. "name": "RegCloseKey",
  1672. "address": "0x408024"
  1673. },
  1674. {
  1675. "name": "RegSetValueExA",
  1676. "address": "0x408028"
  1677. },
  1678. {
  1679. "name": "RegQueryValueExA",
  1680. "address": "0x40802c"
  1681. },
  1682. {
  1683. "name": "RegEnumKeyA",
  1684. "address": "0x408030"
  1685. }
  1686. ],
  1687. "dll": "ADVAPI32.dll"
  1688. },
  1689. {
  1690. "imports": [
  1691. {
  1692. "name": "ImageList_Create",
  1693. "address": "0x408038"
  1694. },
  1695. {
  1696. "name": "ImageList_AddMasked",
  1697. "address": "0x40803c"
  1698. },
  1699. {
  1700. "name": "ImageList_Destroy",
  1701. "address": "0x408040"
  1702. },
  1703. {
  1704. "name": null,
  1705. "address": "0x408044"
  1706. }
  1707. ],
  1708. "dll": "COMCTL32.dll"
  1709. },
  1710. {
  1711. "imports": [
  1712. {
  1713. "name": "OleUninitialize",
  1714. "address": "0x408284"
  1715. },
  1716. {
  1717. "name": "OleInitialize",
  1718. "address": "0x408288"
  1719. },
  1720. {
  1721. "name": "CoTaskMemFree",
  1722. "address": "0x40828c"
  1723. },
  1724. {
  1725. "name": "CoCreateInstance",
  1726. "address": "0x408290"
  1727. }
  1728. ],
  1729. "dll": "ole32.dll"
  1730. }
  1731. ],
  1732. "digital_signers": null,
  1733. "exported_dll_name": null,
  1734. "actual_checksum": "0x0005c180",
  1735. "overlay": {
  1736. "size": "0x0004c739",
  1737. "offset": "0x00009000"
  1738. },
  1739. "imagebase": "0x00400000",
  1740. "reported_checksum": "0x00000000",
  1741. "icon_hash": null,
  1742. "entrypoint": "0x00403328",
  1743. "timestamp": "2018-12-15 22:24:32",
  1744. "osversion": "4.0",
  1745. "sections": [
  1746. {
  1747. "name": ".text",
  1748. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1749. "virtual_address": "0x00001000",
  1750. "size_of_data": "0x00006200",
  1751. "entropy": "6.40",
  1752. "raw_address": "0x00000400",
  1753. "virtual_size": "0x00006077",
  1754. "characteristics_raw": "0x60000020"
  1755. },
  1756. {
  1757. "name": ".rdata",
  1758. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1759. "virtual_address": "0x00008000",
  1760. "size_of_data": "0x00001400",
  1761. "entropy": "5.04",
  1762. "raw_address": "0x00006600",
  1763. "virtual_size": "0x00001250",
  1764. "characteristics_raw": "0x40000040"
  1765. },
  1766. {
  1767. "name": ".data",
  1768. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1769. "virtual_address": "0x0000a000",
  1770. "size_of_data": "0x00000400",
  1771. "entropy": "5.22",
  1772. "raw_address": "0x00007a00",
  1773. "virtual_size": "0x0001a838",
  1774. "characteristics_raw": "0xc0000040"
  1775. },
  1776. {
  1777. "name": ".ndata",
  1778. "characteristics": "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1779. "virtual_address": "0x00025000",
  1780. "size_of_data": "0x00000000",
  1781. "entropy": "0.00",
  1782. "raw_address": "0x00000000",
  1783. "virtual_size": "0x00008000",
  1784. "characteristics_raw": "0xc0000080"
  1785. },
  1786. {
  1787. "name": ".rsrc",
  1788. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1789. "virtual_address": "0x0002d000",
  1790. "size_of_data": "0x00001200",
  1791. "entropy": "4.36",
  1792. "raw_address": "0x00007e00",
  1793. "virtual_size": "0x000010e8",
  1794. "characteristics_raw": "0x40000040"
  1795. }
  1796. ],
  1797. "resources": [],
  1798. "dirents": [
  1799. {
  1800. "virtual_address": "0x00000000",
  1801. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1802. "size": "0x00000000"
  1803. },
  1804. {
  1805. "virtual_address": "0x00008430",
  1806. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1807. "size": "0x000000a0"
  1808. },
  1809. {
  1810. "virtual_address": "0x0002d000",
  1811. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1812. "size": "0x000010e8"
  1813. },
  1814. {
  1815. "virtual_address": "0x00000000",
  1816. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1817. "size": "0x00000000"
  1818. },
  1819. {
  1820. "virtual_address": "0x00000000",
  1821. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1822. "size": "0x00000000"
  1823. },
  1824. {
  1825. "virtual_address": "0x00000000",
  1826. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1827. "size": "0x00000000"
  1828. },
  1829. {
  1830. "virtual_address": "0x00000000",
  1831. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1832. "size": "0x00000000"
  1833. },
  1834. {
  1835. "virtual_address": "0x00000000",
  1836. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1837. "size": "0x00000000"
  1838. },
  1839. {
  1840. "virtual_address": "0x00000000",
  1841. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1842. "size": "0x00000000"
  1843. },
  1844. {
  1845. "virtual_address": "0x00000000",
  1846. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1847. "size": "0x00000000"
  1848. },
  1849. {
  1850. "virtual_address": "0x00000000",
  1851. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1852. "size": "0x00000000"
  1853. },
  1854. {
  1855. "virtual_address": "0x00000000",
  1856. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1857. "size": "0x00000000"
  1858. },
  1859. {
  1860. "virtual_address": "0x00008000",
  1861. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1862. "size": "0x00000298"
  1863. },
  1864. {
  1865. "virtual_address": "0x00000000",
  1866. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1867. "size": "0x00000000"
  1868. },
  1869. {
  1870. "virtual_address": "0x00000000",
  1871. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1872. "size": "0x00000000"
  1873. },
  1874. {
  1875. "virtual_address": "0x00000000",
  1876. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1877. "size": "0x00000000"
  1878. }
  1879. ],
  1880. "exports": [],
  1881. "guest_signers": {},
  1882. "imphash": "57e98d9a5a72c8d7ad8fb7a6a58b3daf",
  1883. "icon_fuzzy": null,
  1884. "icon": null,
  1885. "pdbpath": null,
  1886. "imported_dll_count": 7,
  1887. "versioninfo": []
  1888. }
  1889. }