paladin316

Exes_e7951257_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_e7951257.exe"
  7. [*] File Size: 501760
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "be9940c6090d4b0d30f98fd46c555e9c905a72d653015cd37847acaea31cd4e9"
  10. [*] MD5: "d997ce6a8c9166225f43dbc990136011"
  11. [*] SHA1: "178cb1974c75aed9d31aefd9d8db4a7b536e2abf"
  12. [*] SHA512: "527b57050e42ac7805eb00f23e0b6f4a6184e0a7cf6e1f461ba35c80a16f4b1465f20ea9a7b4667eec40772c8a4c89c795551f4cb4a6114390a9f1cd0998fe8f"
  13. [*] CRC32: "E7951257"
  14. [*] SSDEEP: "12288:lmeHu196U0eCmytWEJH2sSLF9tQG0fYQtWuotPq:TM96U0eCXoEJH2sSLFDQGSYlty"
  15.  
  16. [*] Process Execution: [
  17. "Exes_e7951257.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "The binary likely contains encrypted or compressed data.",
  23. "Details": [
  24. {
  25. "section": "name: .rsrc, entropy: 7.45, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00053600, virtual_size: 0x00053434"
  26. }
  27. ]
  28. },
  29. {
  30. "Description": "Anomalous .NET characteristics",
  31. "Details": [
  32. {
  33. "anomalous_version": "Assembly version is set to 0"
  34. }
  35. ]
  36. },
  37. {
  38. "Description": "File has been identified by 37 antivirus engines on VirusTotal as malicious",
  39. "Details": [
  40. {
  41. "MicroWorld-eScan": "Trojan.GenericKD.32055675"
  42. },
  43. {
  44. "McAfee": "RDN/Generic BackDoor"
  45. },
  46. {
  47. "Cylance": "Unsafe"
  48. },
  49. {
  50. "AegisLab": "Trojan.MSIL.NanoBot.4!c"
  51. },
  52. {
  53. "Alibaba": "Trojan:MSIL/Kryptik.c2064829"
  54. },
  55. {
  56. "K7GW": "Trojan ( 0054ef891 )"
  57. },
  58. {
  59. "Symantec": "ML.Attribute.HighConfidence"
  60. },
  61. {
  62. "ESET-NOD32": "a variant of MSIL/Kryptik.RUC"
  63. },
  64. {
  65. "APEX": "Malicious"
  66. },
  67. {
  68. "Paloalto": "generic.ml"
  69. },
  70. {
  71. "GData": "Win32.Trojan-Stealer.FormBook.8EYNBH"
  72. },
  73. {
  74. "Kaspersky": "HEUR:Backdoor.MSIL.NanoBot.gen"
  75. },
  76. {
  77. "BitDefender": "Trojan.GenericKD.32055675"
  78. },
  79. {
  80. "Avast": "FileRepMalware"
  81. },
  82. {
  83. "Ad-Aware": "Trojan.GenericKD.32055675"
  84. },
  85. {
  86. "Sophos": "Mal/Generic-S"
  87. },
  88. {
  89. "F-Secure": "Trojan.TR/Kryptik.jjbaj"
  90. },
  91. {
  92. "DrWeb": "Trojan.PWS.Spy.21275"
  93. },
  94. {
  95. "Invincea": "heuristic"
  96. },
  97. {
  98. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.gh"
  99. },
  100. {
  101. "FireEye": "Generic.mg.d997ce6a8c916622"
  102. },
  103. {
  104. "Emsisoft": "Trojan.Crypt (A)"
  105. },
  106. {
  107. "Cyren": "W32/Trojan.QVHM-1523"
  108. },
  109. {
  110. "Endgame": "malicious (high confidence)"
  111. },
  112. {
  113. "Avira": "TR/Kryptik.jjbaj"
  114. },
  115. {
  116. "Microsoft": "Trojan:Win32/Tiggre!plock"
  117. },
  118. {
  119. "ZoneAlarm": "HEUR:Backdoor.MSIL.NanoBot.gen"
  120. },
  121. {
  122. "Acronis": "suspicious"
  123. },
  124. {
  125. "ALYac": "Backdoor.Agent.NanoBot.Gen"
  126. },
  127. {
  128. "TrendMicro-HouseCall": "TROJ_GEN.R002H0DFD19"
  129. },
  130. {
  131. "Rising": "Backdoor.NanoBot!8.28C (CLOUD)"
  132. },
  133. {
  134. "Ikarus": "Trojan.Inject"
  135. },
  136. {
  137. "Fortinet": "MSIL/Kryptik.RUC!tr"
  138. },
  139. {
  140. "AVG": "FileRepMalware"
  141. },
  142. {
  143. "Cybereason": "malicious.74c75a"
  144. },
  145. {
  146. "CrowdStrike": "win/malicious_confidence_100% (W)"
  147. },
  148. {
  149. "Qihoo-360": "Win32/Backdoor.BO.5c9"
  150. }
  151. ]
  152. }
  153. ]
  154.  
  155. [*] Started Service: []
  156.  
  157. [*] Executed Commands: []
  158.  
  159. [*] Mutexes: []
  160.  
  161. [*] Modified Files: []
  162.  
  163. [*] Deleted Files: []
  164.  
  165. [*] Modified Registry Keys: []
  166.  
  167. [*] Deleted Registry Keys: []
  168.  
  169. [*] DNS Communications: []
  170.  
  171. [*] Domains: []
  172.  
  173. [*] Network Communication - ICMP: []
  174.  
  175. [*] Network Communication - HTTP: []
  176.  
  177. [*] Network Communication - SMTP: []
  178.  
  179. [*] Network Communication - Hosts: []
  180.  
  181. [*] Network Communication - IRC: []
  182.  
  183. [*] Static Analysis: {
  184. "dotnet": {
  185. "customattrs": [
  186. {
  187. "type": "TypeDef",
  188. "name": "[mscorlib]System.Reflection.DefaultMemberAttribute",
  189. "value": "It"
  190. },
  191. {
  192. "type": "TypeDef",
  193. "name": "[mscorlib]System.Reflection.DefaultMemberAttribute",
  194. "value": "It"
  195. }
  196. ],
  197. "assemblyinfo": {
  198. "version": "0.0.0.0",
  199. "name": "gmVyOXfzhWMQdivjma"
  200. },
  201. "assemblyrefs": [
  202. {
  203. "version": "4.0.0.0",
  204. "name": "mscorlib"
  205. },
  206. {
  207. "version": "4.0.0.0",
  208. "name": "System.Web"
  209. },
  210. {
  211. "version": "4.0.0.0",
  212. "name": "System"
  213. },
  214. {
  215. "version": "4.0.0.0",
  216. "name": "System.Core"
  217. },
  218. {
  219. "version": "4.0.0.0",
  220. "name": "System.Configuration"
  221. }
  222. ],
  223. "typerefs": [
  224. {
  225. "typename": "System.CodeDom.Compiler.CodeDomProvider",
  226. "assembly": "System"
  227. },
  228. {
  229. "typename": "System.Collections.Specialized.NameObjectCollectionBase",
  230. "assembly": "System"
  231. },
  232. {
  233. "typename": "System.Collections.Specialized.NameValueCollection",
  234. "assembly": "System"
  235. },
  236. {
  237. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  238. "assembly": "System"
  239. },
  240. {
  241. "typename": "System.ComponentModel.EditorBrowsableState",
  242. "assembly": "System"
  243. },
  244. {
  245. "typename": "System.Net.Cookie",
  246. "assembly": "System"
  247. },
  248. {
  249. "typename": "System.Uri",
  250. "assembly": "System"
  251. },
  252. {
  253. "typename": "System.Configuration.ConfigurationElementCollection",
  254. "assembly": "System.Configuration"
  255. },
  256. {
  257. "typename": "System.Linq.Enumerable",
  258. "assembly": "System.Core"
  259. },
  260. {
  261. "typename": "System.Linq.Expressions.BinaryExpression",
  262. "assembly": "System.Core"
  263. },
  264. {
  265. "typename": "System.Linq.Expressions.Expression",
  266. "assembly": "System.Core"
  267. },
  268. {
  269. "typename": "System.Linq.Expressions.Expression`1",
  270. "assembly": "System.Core"
  271. },
  272. {
  273. "typename": "System.Linq.Expressions.MemberExpression",
  274. "assembly": "System.Core"
  275. },
  276. {
  277. "typename": "System.Linq.Expressions.MethodCallExpression",
  278. "assembly": "System.Core"
  279. },
  280. {
  281. "typename": "System.Linq.Expressions.ParameterExpression",
  282. "assembly": "System.Core"
  283. },
  284. {
  285. "typename": "System.Linq.Expressions.UnaryExpression",
  286. "assembly": "System.Core"
  287. },
  288. {
  289. "typename": "System.Web.ApplicationShutdownReason",
  290. "assembly": "System.Web"
  291. },
  292. {
  293. "typename": "System.Web.Compilation.BuildManager",
  294. "assembly": "System.Web"
  295. },
  296. {
  297. "typename": "System.Web.Configuration.HttpModuleAction",
  298. "assembly": "System.Web"
  299. },
  300. {
  301. "typename": "System.Web.Configuration.HttpModuleActionCollection",
  302. "assembly": "System.Web"
  303. },
  304. {
  305. "typename": "System.Web.Configuration.HttpModulesSection",
  306. "assembly": "System.Web"
  307. },
  308. {
  309. "typename": "System.Web.HttpApplication",
  310. "assembly": "System.Web"
  311. },
  312. {
  313. "typename": "System.Web.HttpContext",
  314. "assembly": "System.Web"
  315. },
  316. {
  317. "typename": "System.Web.HttpModuleCollection",
  318. "assembly": "System.Web"
  319. },
  320. {
  321. "typename": "System.Web.HttpRequest",
  322. "assembly": "System.Web"
  323. },
  324. {
  325. "typename": "System.Web.HttpRuntime",
  326. "assembly": "System.Web"
  327. },
  328. {
  329. "typename": "System.Web.HttpServerUtility",
  330. "assembly": "System.Web"
  331. },
  332. {
  333. "typename": "System.Web.IHttpModule",
  334. "assembly": "System.Web"
  335. },
  336. {
  337. "typename": "System.Web.Util.RequestValidationSource",
  338. "assembly": "System.Web"
  339. },
  340. {
  341. "typename": "Microsoft.Win32.Registry",
  342. "assembly": "mscorlib"
  343. },
  344. {
  345. "typename": "Microsoft.Win32.RegistryKey",
  346. "assembly": "mscorlib"
  347. },
  348. {
  349. "typename": "System.Action",
  350. "assembly": "mscorlib"
  351. },
  352. {
  353. "typename": "System.Action`1",
  354. "assembly": "mscorlib"
  355. },
  356. {
  357. "typename": "System.Action`2",
  358. "assembly": "mscorlib"
  359. },
  360. {
  361. "typename": "System.Action`3",
  362. "assembly": "mscorlib"
  363. },
  364. {
  365. "typename": "System.AppDomain",
  366. "assembly": "mscorlib"
  367. },
  368. {
  369. "typename": "System.ArgumentException",
  370. "assembly": "mscorlib"
  371. },
  372. {
  373. "typename": "System.ArgumentNullException",
  374. "assembly": "mscorlib"
  375. },
  376. {
  377. "typename": "System.Array",
  378. "assembly": "mscorlib"
  379. },
  380. {
  381. "typename": "System.AsyncCallback",
  382. "assembly": "mscorlib"
  383. },
  384. {
  385. "typename": "System.Boolean",
  386. "assembly": "mscorlib"
  387. },
  388. {
  389. "typename": "System.Collections.ArrayList",
  390. "assembly": "mscorlib"
  391. },
  392. {
  393. "typename": "System.Collections.DictionaryEntry",
  394. "assembly": "mscorlib"
  395. },
  396. {
  397. "typename": "System.Collections.Generic.IEnumerable`1",
  398. "assembly": "mscorlib"
  399. },
  400. {
  401. "typename": "System.Collections.Generic.List`1",
  402. "assembly": "mscorlib"
  403. },
  404. {
  405. "typename": "System.Collections.Generic.List`1/Enumerator",
  406. "assembly": "mscorlib"
  407. },
  408. {
  409. "typename": "System.Collections.Hashtable",
  410. "assembly": "mscorlib"
  411. },
  412. {
  413. "typename": "System.Collections.ICollection",
  414. "assembly": "mscorlib"
  415. },
  416. {
  417. "typename": "System.Collections.IDictionary",
  418. "assembly": "mscorlib"
  419. },
  420. {
  421. "typename": "System.Collections.IDictionaryEnumerator",
  422. "assembly": "mscorlib"
  423. },
  424. {
  425. "typename": "System.Collections.IEnumerable",
  426. "assembly": "mscorlib"
  427. },
  428. {
  429. "typename": "System.Collections.IEnumerator",
  430. "assembly": "mscorlib"
  431. },
  432. {
  433. "typename": "System.Collections.IEqualityComparer",
  434. "assembly": "mscorlib"
  435. },
  436. {
  437. "typename": "System.Collections.IList",
  438. "assembly": "mscorlib"
  439. },
  440. {
  441. "typename": "System.Converter`2",
  442. "assembly": "mscorlib"
  443. },
  444. {
  445. "typename": "System.Delegate",
  446. "assembly": "mscorlib"
  447. },
  448. {
  449. "typename": "System.Diagnostics.DebuggableAttribute",
  450. "assembly": "mscorlib"
  451. },
  452. {
  453. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  454. "assembly": "mscorlib"
  455. },
  456. {
  457. "typename": "System.Enum",
  458. "assembly": "mscorlib"
  459. },
  460. {
  461. "typename": "System.Func`1",
  462. "assembly": "mscorlib"
  463. },
  464. {
  465. "typename": "System.Func`2",
  466. "assembly": "mscorlib"
  467. },
  468. {
  469. "typename": "System.Func`3",
  470. "assembly": "mscorlib"
  471. },
  472. {
  473. "typename": "System.Globalization.CultureInfo",
  474. "assembly": "mscorlib"
  475. },
  476. {
  477. "typename": "System.Guid",
  478. "assembly": "mscorlib"
  479. },
  480. {
  481. "typename": "System.IAsyncResult",
  482. "assembly": "mscorlib"
  483. },
  484. {
  485. "typename": "System.IDisposable",
  486. "assembly": "mscorlib"
  487. },
  488. {
  489. "typename": "System.IFormatProvider",
  490. "assembly": "mscorlib"
  491. },
  492. {
  493. "typename": "System.Int32",
  494. "assembly": "mscorlib"
  495. },
  496. {
  497. "typename": "System.IntPtr",
  498. "assembly": "mscorlib"
  499. },
  500. {
  501. "typename": "System.InvalidOperationException",
  502. "assembly": "mscorlib"
  503. },
  504. {
  505. "typename": "System.MulticastDelegate",
  506. "assembly": "mscorlib"
  507. },
  508. {
  509. "typename": "System.Nullable`1",
  510. "assembly": "mscorlib"
  511. },
  512. {
  513. "typename": "System.Object",
  514. "assembly": "mscorlib"
  515. },
  516. {
  517. "typename": "System.PlatformNotSupportedException",
  518. "assembly": "mscorlib"
  519. },
  520. {
  521. "typename": "System.Reflection.Assembly",
  522. "assembly": "mscorlib"
  523. },
  524. {
  525. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  526. "assembly": "mscorlib"
  527. },
  528. {
  529. "typename": "System.Reflection.Binder",
  530. "assembly": "mscorlib"
  531. },
  532. {
  533. "typename": "System.Reflection.BindingFlags",
  534. "assembly": "mscorlib"
  535. },
  536. {
  537. "typename": "System.Reflection.ConstructorInfo",
  538. "assembly": "mscorlib"
  539. },
  540. {
  541. "typename": "System.Reflection.DefaultMemberAttribute",
  542. "assembly": "mscorlib"
  543. },
  544. {
  545. "typename": "System.Reflection.Emit.DynamicMethod",
  546. "assembly": "mscorlib"
  547. },
  548. {
  549. "typename": "System.Reflection.Emit.ILGenerator",
  550. "assembly": "mscorlib"
  551. },
  552. {
  553. "typename": "System.Reflection.Emit.OpCode",
  554. "assembly": "mscorlib"
  555. },
  556. {
  557. "typename": "System.Reflection.Emit.OpCodes",
  558. "assembly": "mscorlib"
  559. },
  560. {
  561. "typename": "System.Reflection.FieldInfo",
  562. "assembly": "mscorlib"
  563. },
  564. {
  565. "typename": "System.Reflection.MemberInfo",
  566. "assembly": "mscorlib"
  567. },
  568. {
  569. "typename": "System.Reflection.MethodBase",
  570. "assembly": "mscorlib"
  571. },
  572. {
  573. "typename": "System.Reflection.MethodInfo",
  574. "assembly": "mscorlib"
  575. },
  576. {
  577. "typename": "System.Reflection.ParameterInfo",
  578. "assembly": "mscorlib"
  579. },
  580. {
  581. "typename": "System.Reflection.ParameterModifier",
  582. "assembly": "mscorlib"
  583. },
  584. {
  585. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  586. "assembly": "mscorlib"
  587. },
  588. {
  589. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  590. "assembly": "mscorlib"
  591. },
  592. {
  593. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  594. "assembly": "mscorlib"
  595. },
  596. {
  597. "typename": "System.RuntimeTypeHandle",
  598. "assembly": "mscorlib"
  599. },
  600. {
  601. "typename": "System.Security.CodeAccessPermission",
  602. "assembly": "mscorlib"
  603. },
  604. {
  605. "typename": "System.Security.Permissions.RegistryPermission",
  606. "assembly": "mscorlib"
  607. },
  608. {
  609. "typename": "System.Security.Permissions.RegistryPermissionAccess",
  610. "assembly": "mscorlib"
  611. },
  612. {
  613. "typename": "System.Security.SecurityCriticalAttribute",
  614. "assembly": "mscorlib"
  615. },
  616. {
  617. "typename": "System.Security.SecuritySafeCriticalAttribute",
  618. "assembly": "mscorlib"
  619. },
  620. {
  621. "typename": "System.String",
  622. "assembly": "mscorlib"
  623. },
  624. {
  625. "typename": "System.StringComparer",
  626. "assembly": "mscorlib"
  627. },
  628. {
  629. "typename": "System.StringComparison",
  630. "assembly": "mscorlib"
  631. },
  632. {
  633. "typename": "System.Text.StringBuilder",
  634. "assembly": "mscorlib"
  635. },
  636. {
  637. "typename": "System.Threading.Interlocked",
  638. "assembly": "mscorlib"
  639. },
  640. {
  641. "typename": "System.Threading.Monitor",
  642. "assembly": "mscorlib"
  643. },
  644. {
  645. "typename": "System.Type",
  646. "assembly": "mscorlib"
  647. },
  648. {
  649. "typename": "System.ValueType",
  650. "assembly": "mscorlib"
  651. },
  652. {
  653. "typename": "System.Version",
  654. "assembly": "mscorlib"
  655. },
  656. {
  657. "typename": "System.Void",
  658. "assembly": "mscorlib"
  659. }
  660. ]
  661. },
  662. "pe": {
  663. "peid_signatures": null,
  664. "imports": [
  665. {
  666. "imports": [
  667. {
  668. "name": "_CorExeMain",
  669. "address": "0x402000"
  670. }
  671. ],
  672. "dll": "mscoree.dll"
  673. }
  674. ],
  675. "digital_signers": null,
  676. "exported_dll_name": null,
  677. "actual_checksum": "0x00089639",
  678. "overlay": {
  679. "size": "0x00019000",
  680. "offset": "0x00061800"
  681. },
  682. "imagebase": "0x00400000",
  683. "reported_checksum": "0x00089639",
  684. "icon_hash": null,
  685. "entrypoint": "0x0040fcae",
  686. "timestamp": "2019-05-06 19:37:27",
  687. "osversion": "4.0",
  688. "sections": [
  689. {
  690. "name": ".text",
  691. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  692. "virtual_address": "0x00002000",
  693. "size_of_data": "0x0000de00",
  694. "entropy": "5.39",
  695. "raw_address": "0x00000200",
  696. "virtual_size": "0x0000dcb4",
  697. "characteristics_raw": "0x60000020"
  698. },
  699. {
  700. "name": ".rsrc",
  701. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  702. "virtual_address": "0x00010000",
  703. "size_of_data": "0x00053600",
  704. "entropy": "7.45",
  705. "raw_address": "0x0000e000",
  706. "virtual_size": "0x00053434",
  707. "characteristics_raw": "0x40000040"
  708. },
  709. {
  710. "name": ".reloc",
  711. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  712. "virtual_address": "0x00064000",
  713. "size_of_data": "0x00000200",
  714. "entropy": "0.08",
  715. "raw_address": "0x00061600",
  716. "virtual_size": "0x0000000c",
  717. "characteristics_raw": "0x42000040"
  718. }
  719. ],
  720. "resources": [],
  721. "dirents": [
  722. {
  723. "virtual_address": "0x00000000",
  724. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  725. "size": "0x00000000"
  726. },
  727. {
  728. "virtual_address": "0x0000fc58",
  729. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  730. "size": "0x00000053"
  731. },
  732. {
  733. "virtual_address": "0x00010000",
  734. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  735. "size": "0x00053434"
  736. },
  737. {
  738. "virtual_address": "0x00000000",
  739. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  740. "size": "0x00000000"
  741. },
  742. {
  743. "virtual_address": "0x00000000",
  744. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  745. "size": "0x00000000"
  746. },
  747. {
  748. "virtual_address": "0x00064000",
  749. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  750. "size": "0x0000000c"
  751. },
  752. {
  753. "virtual_address": "0x0000fbd8",
  754. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  755. "size": "0x0000001c"
  756. },
  757. {
  758. "virtual_address": "0x00000000",
  759. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  760. "size": "0x00000000"
  761. },
  762. {
  763. "virtual_address": "0x00000000",
  764. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  765. "size": "0x00000000"
  766. },
  767. {
  768. "virtual_address": "0x00000000",
  769. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  770. "size": "0x00000000"
  771. },
  772. {
  773. "virtual_address": "0x00000000",
  774. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  775. "size": "0x00000000"
  776. },
  777. {
  778. "virtual_address": "0x00000000",
  779. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  780. "size": "0x00000000"
  781. },
  782. {
  783. "virtual_address": "0x00002000",
  784. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  785. "size": "0x00000008"
  786. },
  787. {
  788. "virtual_address": "0x00000000",
  789. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  790. "size": "0x00000000"
  791. },
  792. {
  793. "virtual_address": "0x00002008",
  794. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  795. "size": "0x00000048"
  796. },
  797. {
  798. "virtual_address": "0x00000000",
  799. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  800. "size": "0x00000000"
  801. }
  802. ],
  803. "exports": [],
  804. "guest_signers": {},
  805. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  806. "icon_fuzzy": null,
  807. "icon": null,
  808. "pdbpath": "C:\\xampp\\htdocs\\Aspire\\files\\root_gmVyOXfzhWMQdivj\\gmVyOXfzhWMQdivjma.pdb",
  809. "imported_dll_count": 1,
  810. "versioninfo": []
  811. }
  812. }
  813.  
  814. [*] Resolved APIs: [
  815. "advapi32.dll.RegOpenKeyExW",
  816. "advapi32.dll.RegQueryInfoKeyW",
  817. "advapi32.dll.RegEnumKeyExW",
  818. "advapi32.dll.RegEnumValueW",
  819. "advapi32.dll.RegCloseKey",
  820. "advapi32.dll.RegQueryValueExW",
  821. "kernel32.dll.QueryActCtxW",
  822. "shlwapi.dll.UrlIsW"
  823. ]
  824.  
  825. [*] Static Analysis: {
  826. "dotnet": {
  827. "customattrs": [
  828. {
  829. "type": "TypeDef",
  830. "name": "[mscorlib]System.Reflection.DefaultMemberAttribute",
  831. "value": "It"
  832. },
  833. {
  834. "type": "TypeDef",
  835. "name": "[mscorlib]System.Reflection.DefaultMemberAttribute",
  836. "value": "It"
  837. }
  838. ],
  839. "assemblyinfo": {
  840. "version": "0.0.0.0",
  841. "name": "gmVyOXfzhWMQdivjma"
  842. },
  843. "assemblyrefs": [
  844. {
  845. "version": "4.0.0.0",
  846. "name": "mscorlib"
  847. },
  848. {
  849. "version": "4.0.0.0",
  850. "name": "System.Web"
  851. },
  852. {
  853. "version": "4.0.0.0",
  854. "name": "System"
  855. },
  856. {
  857. "version": "4.0.0.0",
  858. "name": "System.Core"
  859. },
  860. {
  861. "version": "4.0.0.0",
  862. "name": "System.Configuration"
  863. }
  864. ],
  865. "typerefs": [
  866. {
  867. "typename": "System.CodeDom.Compiler.CodeDomProvider",
  868. "assembly": "System"
  869. },
  870. {
  871. "typename": "System.Collections.Specialized.NameObjectCollectionBase",
  872. "assembly": "System"
  873. },
  874. {
  875. "typename": "System.Collections.Specialized.NameValueCollection",
  876. "assembly": "System"
  877. },
  878. {
  879. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  880. "assembly": "System"
  881. },
  882. {
  883. "typename": "System.ComponentModel.EditorBrowsableState",
  884. "assembly": "System"
  885. },
  886. {
  887. "typename": "System.Net.Cookie",
  888. "assembly": "System"
  889. },
  890. {
  891. "typename": "System.Uri",
  892. "assembly": "System"
  893. },
  894. {
  895. "typename": "System.Configuration.ConfigurationElementCollection",
  896. "assembly": "System.Configuration"
  897. },
  898. {
  899. "typename": "System.Linq.Enumerable",
  900. "assembly": "System.Core"
  901. },
  902. {
  903. "typename": "System.Linq.Expressions.BinaryExpression",
  904. "assembly": "System.Core"
  905. },
  906. {
  907. "typename": "System.Linq.Expressions.Expression",
  908. "assembly": "System.Core"
  909. },
  910. {
  911. "typename": "System.Linq.Expressions.Expression`1",
  912. "assembly": "System.Core"
  913. },
  914. {
  915. "typename": "System.Linq.Expressions.MemberExpression",
  916. "assembly": "System.Core"
  917. },
  918. {
  919. "typename": "System.Linq.Expressions.MethodCallExpression",
  920. "assembly": "System.Core"
  921. },
  922. {
  923. "typename": "System.Linq.Expressions.ParameterExpression",
  924. "assembly": "System.Core"
  925. },
  926. {
  927. "typename": "System.Linq.Expressions.UnaryExpression",
  928. "assembly": "System.Core"
  929. },
  930. {
  931. "typename": "System.Web.ApplicationShutdownReason",
  932. "assembly": "System.Web"
  933. },
  934. {
  935. "typename": "System.Web.Compilation.BuildManager",
  936. "assembly": "System.Web"
  937. },
  938. {
  939. "typename": "System.Web.Configuration.HttpModuleAction",
  940. "assembly": "System.Web"
  941. },
  942. {
  943. "typename": "System.Web.Configuration.HttpModuleActionCollection",
  944. "assembly": "System.Web"
  945. },
  946. {
  947. "typename": "System.Web.Configuration.HttpModulesSection",
  948. "assembly": "System.Web"
  949. },
  950. {
  951. "typename": "System.Web.HttpApplication",
  952. "assembly": "System.Web"
  953. },
  954. {
  955. "typename": "System.Web.HttpContext",
  956. "assembly": "System.Web"
  957. },
  958. {
  959. "typename": "System.Web.HttpModuleCollection",
  960. "assembly": "System.Web"
  961. },
  962. {
  963. "typename": "System.Web.HttpRequest",
  964. "assembly": "System.Web"
  965. },
  966. {
  967. "typename": "System.Web.HttpRuntime",
  968. "assembly": "System.Web"
  969. },
  970. {
  971. "typename": "System.Web.HttpServerUtility",
  972. "assembly": "System.Web"
  973. },
  974. {
  975. "typename": "System.Web.IHttpModule",
  976. "assembly": "System.Web"
  977. },
  978. {
  979. "typename": "System.Web.Util.RequestValidationSource",
  980. "assembly": "System.Web"
  981. },
  982. {
  983. "typename": "Microsoft.Win32.Registry",
  984. "assembly": "mscorlib"
  985. },
  986. {
  987. "typename": "Microsoft.Win32.RegistryKey",
  988. "assembly": "mscorlib"
  989. },
  990. {
  991. "typename": "System.Action",
  992. "assembly": "mscorlib"
  993. },
  994. {
  995. "typename": "System.Action`1",
  996. "assembly": "mscorlib"
  997. },
  998. {
  999. "typename": "System.Action`2",
  1000. "assembly": "mscorlib"
  1001. },
  1002. {
  1003. "typename": "System.Action`3",
  1004. "assembly": "mscorlib"
  1005. },
  1006. {
  1007. "typename": "System.AppDomain",
  1008. "assembly": "mscorlib"
  1009. },
  1010. {
  1011. "typename": "System.ArgumentException",
  1012. "assembly": "mscorlib"
  1013. },
  1014. {
  1015. "typename": "System.ArgumentNullException",
  1016. "assembly": "mscorlib"
  1017. },
  1018. {
  1019. "typename": "System.Array",
  1020. "assembly": "mscorlib"
  1021. },
  1022. {
  1023. "typename": "System.AsyncCallback",
  1024. "assembly": "mscorlib"
  1025. },
  1026. {
  1027. "typename": "System.Boolean",
  1028. "assembly": "mscorlib"
  1029. },
  1030. {
  1031. "typename": "System.Collections.ArrayList",
  1032. "assembly": "mscorlib"
  1033. },
  1034. {
  1035. "typename": "System.Collections.DictionaryEntry",
  1036. "assembly": "mscorlib"
  1037. },
  1038. {
  1039. "typename": "System.Collections.Generic.IEnumerable`1",
  1040. "assembly": "mscorlib"
  1041. },
  1042. {
  1043. "typename": "System.Collections.Generic.List`1",
  1044. "assembly": "mscorlib"
  1045. },
  1046. {
  1047. "typename": "System.Collections.Generic.List`1/Enumerator",
  1048. "assembly": "mscorlib"
  1049. },
  1050. {
  1051. "typename": "System.Collections.Hashtable",
  1052. "assembly": "mscorlib"
  1053. },
  1054. {
  1055. "typename": "System.Collections.ICollection",
  1056. "assembly": "mscorlib"
  1057. },
  1058. {
  1059. "typename": "System.Collections.IDictionary",
  1060. "assembly": "mscorlib"
  1061. },
  1062. {
  1063. "typename": "System.Collections.IDictionaryEnumerator",
  1064. "assembly": "mscorlib"
  1065. },
  1066. {
  1067. "typename": "System.Collections.IEnumerable",
  1068. "assembly": "mscorlib"
  1069. },
  1070. {
  1071. "typename": "System.Collections.IEnumerator",
  1072. "assembly": "mscorlib"
  1073. },
  1074. {
  1075. "typename": "System.Collections.IEqualityComparer",
  1076. "assembly": "mscorlib"
  1077. },
  1078. {
  1079. "typename": "System.Collections.IList",
  1080. "assembly": "mscorlib"
  1081. },
  1082. {
  1083. "typename": "System.Converter`2",
  1084. "assembly": "mscorlib"
  1085. },
  1086. {
  1087. "typename": "System.Delegate",
  1088. "assembly": "mscorlib"
  1089. },
  1090. {
  1091. "typename": "System.Diagnostics.DebuggableAttribute",
  1092. "assembly": "mscorlib"
  1093. },
  1094. {
  1095. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  1096. "assembly": "mscorlib"
  1097. },
  1098. {
  1099. "typename": "System.Enum",
  1100. "assembly": "mscorlib"
  1101. },
  1102. {
  1103. "typename": "System.Func`1",
  1104. "assembly": "mscorlib"
  1105. },
  1106. {
  1107. "typename": "System.Func`2",
  1108. "assembly": "mscorlib"
  1109. },
  1110. {
  1111. "typename": "System.Func`3",
  1112. "assembly": "mscorlib"
  1113. },
  1114. {
  1115. "typename": "System.Globalization.CultureInfo",
  1116. "assembly": "mscorlib"
  1117. },
  1118. {
  1119. "typename": "System.Guid",
  1120. "assembly": "mscorlib"
  1121. },
  1122. {
  1123. "typename": "System.IAsyncResult",
  1124. "assembly": "mscorlib"
  1125. },
  1126. {
  1127. "typename": "System.IDisposable",
  1128. "assembly": "mscorlib"
  1129. },
  1130. {
  1131. "typename": "System.IFormatProvider",
  1132. "assembly": "mscorlib"
  1133. },
  1134. {
  1135. "typename": "System.Int32",
  1136. "assembly": "mscorlib"
  1137. },
  1138. {
  1139. "typename": "System.IntPtr",
  1140. "assembly": "mscorlib"
  1141. },
  1142. {
  1143. "typename": "System.InvalidOperationException",
  1144. "assembly": "mscorlib"
  1145. },
  1146. {
  1147. "typename": "System.MulticastDelegate",
  1148. "assembly": "mscorlib"
  1149. },
  1150. {
  1151. "typename": "System.Nullable`1",
  1152. "assembly": "mscorlib"
  1153. },
  1154. {
  1155. "typename": "System.Object",
  1156. "assembly": "mscorlib"
  1157. },
  1158. {
  1159. "typename": "System.PlatformNotSupportedException",
  1160. "assembly": "mscorlib"
  1161. },
  1162. {
  1163. "typename": "System.Reflection.Assembly",
  1164. "assembly": "mscorlib"
  1165. },
  1166. {
  1167. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1168. "assembly": "mscorlib"
  1169. },
  1170. {
  1171. "typename": "System.Reflection.Binder",
  1172. "assembly": "mscorlib"
  1173. },
  1174. {
  1175. "typename": "System.Reflection.BindingFlags",
  1176. "assembly": "mscorlib"
  1177. },
  1178. {
  1179. "typename": "System.Reflection.ConstructorInfo",
  1180. "assembly": "mscorlib"
  1181. },
  1182. {
  1183. "typename": "System.Reflection.DefaultMemberAttribute",
  1184. "assembly": "mscorlib"
  1185. },
  1186. {
  1187. "typename": "System.Reflection.Emit.DynamicMethod",
  1188. "assembly": "mscorlib"
  1189. },
  1190. {
  1191. "typename": "System.Reflection.Emit.ILGenerator",
  1192. "assembly": "mscorlib"
  1193. },
  1194. {
  1195. "typename": "System.Reflection.Emit.OpCode",
  1196. "assembly": "mscorlib"
  1197. },
  1198. {
  1199. "typename": "System.Reflection.Emit.OpCodes",
  1200. "assembly": "mscorlib"
  1201. },
  1202. {
  1203. "typename": "System.Reflection.FieldInfo",
  1204. "assembly": "mscorlib"
  1205. },
  1206. {
  1207. "typename": "System.Reflection.MemberInfo",
  1208. "assembly": "mscorlib"
  1209. },
  1210. {
  1211. "typename": "System.Reflection.MethodBase",
  1212. "assembly": "mscorlib"
  1213. },
  1214. {
  1215. "typename": "System.Reflection.MethodInfo",
  1216. "assembly": "mscorlib"
  1217. },
  1218. {
  1219. "typename": "System.Reflection.ParameterInfo",
  1220. "assembly": "mscorlib"
  1221. },
  1222. {
  1223. "typename": "System.Reflection.ParameterModifier",
  1224. "assembly": "mscorlib"
  1225. },
  1226. {
  1227. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1228. "assembly": "mscorlib"
  1229. },
  1230. {
  1231. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1232. "assembly": "mscorlib"
  1233. },
  1234. {
  1235. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1236. "assembly": "mscorlib"
  1237. },
  1238. {
  1239. "typename": "System.RuntimeTypeHandle",
  1240. "assembly": "mscorlib"
  1241. },
  1242. {
  1243. "typename": "System.Security.CodeAccessPermission",
  1244. "assembly": "mscorlib"
  1245. },
  1246. {
  1247. "typename": "System.Security.Permissions.RegistryPermission",
  1248. "assembly": "mscorlib"
  1249. },
  1250. {
  1251. "typename": "System.Security.Permissions.RegistryPermissionAccess",
  1252. "assembly": "mscorlib"
  1253. },
  1254. {
  1255. "typename": "System.Security.SecurityCriticalAttribute",
  1256. "assembly": "mscorlib"
  1257. },
  1258. {
  1259. "typename": "System.Security.SecuritySafeCriticalAttribute",
  1260. "assembly": "mscorlib"
  1261. },
  1262. {
  1263. "typename": "System.String",
  1264. "assembly": "mscorlib"
  1265. },
  1266. {
  1267. "typename": "System.StringComparer",
  1268. "assembly": "mscorlib"
  1269. },
  1270. {
  1271. "typename": "System.StringComparison",
  1272. "assembly": "mscorlib"
  1273. },
  1274. {
  1275. "typename": "System.Text.StringBuilder",
  1276. "assembly": "mscorlib"
  1277. },
  1278. {
  1279. "typename": "System.Threading.Interlocked",
  1280. "assembly": "mscorlib"
  1281. },
  1282. {
  1283. "typename": "System.Threading.Monitor",
  1284. "assembly": "mscorlib"
  1285. },
  1286. {
  1287. "typename": "System.Type",
  1288. "assembly": "mscorlib"
  1289. },
  1290. {
  1291. "typename": "System.ValueType",
  1292. "assembly": "mscorlib"
  1293. },
  1294. {
  1295. "typename": "System.Version",
  1296. "assembly": "mscorlib"
  1297. },
  1298. {
  1299. "typename": "System.Void",
  1300. "assembly": "mscorlib"
  1301. }
  1302. ]
  1303. },
  1304. "pe": {
  1305. "peid_signatures": null,
  1306. "imports": [
  1307. {
  1308. "imports": [
  1309. {
  1310. "name": "_CorExeMain",
  1311. "address": "0x402000"
  1312. }
  1313. ],
  1314. "dll": "mscoree.dll"
  1315. }
  1316. ],
  1317. "digital_signers": null,
  1318. "exported_dll_name": null,
  1319. "actual_checksum": "0x00089639",
  1320. "overlay": {
  1321. "size": "0x00019000",
  1322. "offset": "0x00061800"
  1323. },
  1324. "imagebase": "0x00400000",
  1325. "reported_checksum": "0x00089639",
  1326. "icon_hash": null,
  1327. "entrypoint": "0x0040fcae",
  1328. "timestamp": "2019-05-06 19:37:27",
  1329. "osversion": "4.0",
  1330. "sections": [
  1331. {
  1332. "name": ".text",
  1333. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1334. "virtual_address": "0x00002000",
  1335. "size_of_data": "0x0000de00",
  1336. "entropy": "5.39",
  1337. "raw_address": "0x00000200",
  1338. "virtual_size": "0x0000dcb4",
  1339. "characteristics_raw": "0x60000020"
  1340. },
  1341. {
  1342. "name": ".rsrc",
  1343. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1344. "virtual_address": "0x00010000",
  1345. "size_of_data": "0x00053600",
  1346. "entropy": "7.45",
  1347. "raw_address": "0x0000e000",
  1348. "virtual_size": "0x00053434",
  1349. "characteristics_raw": "0x40000040"
  1350. },
  1351. {
  1352. "name": ".reloc",
  1353. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1354. "virtual_address": "0x00064000",
  1355. "size_of_data": "0x00000200",
  1356. "entropy": "0.08",
  1357. "raw_address": "0x00061600",
  1358. "virtual_size": "0x0000000c",
  1359. "characteristics_raw": "0x42000040"
  1360. }
  1361. ],
  1362. "resources": [],
  1363. "dirents": [
  1364. {
  1365. "virtual_address": "0x00000000",
  1366. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1367. "size": "0x00000000"
  1368. },
  1369. {
  1370. "virtual_address": "0x0000fc58",
  1371. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1372. "size": "0x00000053"
  1373. },
  1374. {
  1375. "virtual_address": "0x00010000",
  1376. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1377. "size": "0x00053434"
  1378. },
  1379. {
  1380. "virtual_address": "0x00000000",
  1381. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1382. "size": "0x00000000"
  1383. },
  1384. {
  1385. "virtual_address": "0x00000000",
  1386. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1387. "size": "0x00000000"
  1388. },
  1389. {
  1390. "virtual_address": "0x00064000",
  1391. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1392. "size": "0x0000000c"
  1393. },
  1394. {
  1395. "virtual_address": "0x0000fbd8",
  1396. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1397. "size": "0x0000001c"
  1398. },
  1399. {
  1400. "virtual_address": "0x00000000",
  1401. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1402. "size": "0x00000000"
  1403. },
  1404. {
  1405. "virtual_address": "0x00000000",
  1406. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1407. "size": "0x00000000"
  1408. },
  1409. {
  1410. "virtual_address": "0x00000000",
  1411. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1412. "size": "0x00000000"
  1413. },
  1414. {
  1415. "virtual_address": "0x00000000",
  1416. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1417. "size": "0x00000000"
  1418. },
  1419. {
  1420. "virtual_address": "0x00000000",
  1421. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1422. "size": "0x00000000"
  1423. },
  1424. {
  1425. "virtual_address": "0x00002000",
  1426. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1427. "size": "0x00000008"
  1428. },
  1429. {
  1430. "virtual_address": "0x00000000",
  1431. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1432. "size": "0x00000000"
  1433. },
  1434. {
  1435. "virtual_address": "0x00002008",
  1436. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1437. "size": "0x00000048"
  1438. },
  1439. {
  1440. "virtual_address": "0x00000000",
  1441. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1442. "size": "0x00000000"
  1443. }
  1444. ],
  1445. "exports": [],
  1446. "guest_signers": {},
  1447. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1448. "icon_fuzzy": null,
  1449. "icon": null,
  1450. "pdbpath": "C:\\xampp\\htdocs\\Aspire\\files\\root_gmVyOXfzhWMQdivj\\gmVyOXfzhWMQdivjma.pdb",
  1451. "imported_dll_count": 1,
  1452. "versioninfo": []
  1453. }
  1454. }