paladin316

Exes_445035948ffae4ce3c4e0aa680cd1c61_exe_2019-06-26_17_30.json

Jun 26th, 2019
  1.  
  2. [*] MalFamily: "Malicious"
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  7. [*] File Size: 542208
  8. [*] File Type: "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows"
  9. [*] SHA256: "a68f19b9158aea1d029416b61492722c6fc9e6c8085175e508856c68e7b4c914"
  10. [*] MD5: "445035948ffae4ce3c4e0aa680cd1c61"
  11. [*] SHA1: "e707102d7af51a4de0d4e315f26abe615aab3765"
  12. [*] SHA512: "59e8a823423340eee0770036bdfecb560bda93e5adf85b1f6c4caf1fc13f1749d5ab52f4fb0566052d476a3cccbf21e9ffff0b56901ab176396fae93156ece63"
  13. [*] CRC32: "67E3E2C3"
  14. [*] SSDEEP: "12288:vmRO1iZUmKNbsgLCR25OF58r7PEGjSMnEZBopuHtdrjUx0KHFfGZ:vfoZUbFsgLCt38r7Pbn5msxFt"
  15.  
  16. [*] Process Execution: [
  17. "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "A process created a hidden window",
  27. "Details": [
  28. {
  29. "Process": "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  30. },
  31. {
  32. "Process": "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  33. },
  34. {
  35. "Process": "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  36. },
  37. {
  38. "Process": "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  39. },
  40. {
  41. "Process": "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  42. },
  43. {
  44. "Process": "Exes_445035948ffae4ce3c4e0aa680cd1c61.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe"
  45. }
  46. ]
  47. },
  48. {
  49. "Description": "The binary likely contains encrypted or compressed data.",
  50. "Details": [
  51. {
  52. "section": "name: .text, entropy: 7.99, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x00083c00, virtual_size: 0x00083ae4"
  53. }
  54. ]
  55. },
  56. {
  57. "Description": "Attempts to remove evidence of file being downloaded from the Internet",
  58. "Details": [
  59. {
  60. "file": "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe:Zone.Identifier"
  61. }
  62. ]
  63. },
  64. {
  65. "Description": "Installs itself for autorun at Windows startup",
  66. "Details": [
  67. {
  68. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
  69. },
  70. {
  71. "data": "\"C:\\Users\\user\\AppData\\Roaming\\aKV3ogT14HzAXZdb\\ajkQOkogIyGI.exe\",explorer.exe"
  72. }
  73. ]
  74. },
  75. {
  76. "Description": "Creates a hidden or system file",
  77. "Details": [
  78. {
  79. "file": "C:\\Users\\user\\AppData\\Roaming\\aKV3ogT14HzAXZdb"
  80. },
  81. {
  82. "file": "C:\\Users\\user\\AppData\\Roaming\\aKV3ogT14HzAXZdb\\ajkQOkogIyGI.exe"
  83. }
  84. ]
  85. },
  86. {
  87. "Description": "File has been identified by 31 Antiviruses on VirusTotal as malicious",
  88. "Details": [
  89. {
  90. "FireEye": "Generic.mg.445035948ffae4ce"
  91. },
  92. {
  93. "McAfee": "RDN/Generic Exploit"
  94. },
  95. {
  96. "Alibaba": "Trojan:Win32/Starter.ali2000005"
  97. },
  98. {
  99. "Invincea": "heuristic"
  100. },
  101. {
  102. "Symantec": "Trojan Horse"
  103. },
  104. {
  105. "APEX": "Malicious"
  106. },
  107. {
  108. "Paloalto": "generic.ml"
  109. },
  110. {
  111. "Kaspersky": "HEUR:Backdoor.MSIL.Androm.gen"
  112. },
  113. {
  114. "Avast": "Win32:CrypterX-gen [Trj]"
  115. },
  116. {
  117. "Rising": "Trojan.Kryptik!8.8 (CLOUD)"
  118. },
  119. {
  120. "Comodo": "Malware@#3elejqhihw3z8"
  121. },
  122. {
  123. "F-Secure": "Heuristic.HEUR/AGEN.1035809"
  124. },
  125. {
  126. "DrWeb": "BackDoor.RevetRat.2"
  127. },
  128. {
  129. "McAfee-GW-Edition": "BehavesLike.Win32.Generic.hc"
  130. },
  131. {
  132. "Trapmine": "malicious.high.ml.score"
  133. },
  134. {
  135. "SentinelOne": "DFI - Malicious PE"
  136. },
  137. {
  138. "Avira": "HEUR/AGEN.1035809"
  139. },
  140. {
  141. "Microsoft": "Trojan:Win32/Zpevdo.B"
  142. },
  143. {
  144. "Endgame": "malicious (high confidence)"
  145. },
  146. {
  147. "ZoneAlarm": "HEUR:Backdoor.MSIL.Androm.gen"
  148. },
  149. {
  150. "GData": "Win32.Trojan-Spy.Heye.4698TC"
  151. },
  152. {
  153. "Acronis": "suspicious"
  154. },
  155. {
  156. "ESET-NOD32": "a variant of MSIL/Kryptik.QME"
  157. },
  158. {
  159. "TrendMicro-HouseCall": "TROJ_GEN.R002H0AFP19"
  160. },
  161. {
  162. "Tencent": "Win32.Trojan.Inject.Auto"
  163. },
  164. {
  165. "Ikarus": "Win32.Outbreak"
  166. },
  167. {
  168. "Fortinet": "MSIL/Kryptik.QME!tr"
  169. },
  170. {
  171. "AVG": "Win32:CrypterX-gen [Trj]"
  172. },
  173. {
  174. "Cybereason": "malicious.d7af51"
  175. },
  176. {
  177. "CrowdStrike": "win/malicious_confidence_100% (W)"
  178. },
  179. {
  180. "Qihoo-360": "HEUR/QVM03.0.1805.Malware.Gen"
  181. }
  182. ]
  183. },
  184. {
  185. "Description": "Creates a copy of itself",
  186. "Details": [
  187. {
  188. "copy": "C:\\Users\\user\\AppData\\Roaming\\aKV3ogT14HzAXZdb\\ajkQOkogIyGI.exe"
  189. }
  190. ]
  191. }
  192. ]
  193.  
  194. [*] Started Service: []
  195.  
  196. [*] Executed Commands: [
  197. "\"C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe\""
  198. ]
  199.  
  200. [*] Mutexes: [
  201. "Global\\CLR_CASOFF_MUTEX"
  202. ]
  203.  
  204. [*] Modified Files: [
  205. "C:\\Users\\user\\AppData\\Local\\GDIPFONTCACHEV1.DAT",
  206. "C:\\Users\\user\\AppData\\Roaming\\aKV3ogT14HzAXZdb\\ajkQOkogIyGI.exe"
  207. ]
  208.  
  209. [*] Deleted Files: [
  210. "C:\\Users\\user\\AppData\\Local\\Temp\\Exes_445035948ffae4ce3c4e0aa680cd1c61.exe:Zone.Identifier",
  211. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\security.config.cch.1400.24582359",
  212. "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.1400.24582359",
  213. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\security.config.cch.1400.24582359"
  214. ]
  215.  
  216. [*] Modified Registry Keys: [
  217. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell"
  218. ]
  219.  
  220. [*] Deleted Registry Keys: []
  221.  
  222. [*] DNS Communications: []
  223.  
  224. [*] Domains: []
  225.  
  226. [*] Network Communication - ICMP: []
  227.  
  228. [*] Network Communication - HTTP: []
  229.  
  230. [*] Network Communication - SMTP: []
  231.  
  232. [*] Network Communication - Hosts: []
  233.  
  234. [*] Network Communication - IRC: []
  235.  
  236. [*] Static Analysis: {
  237. "dotnet": {
  238. "customattrs": null,
  239. "assemblyinfo": {
  240. "version": "1.0.0.0",
  241. "name": "ChTable"
  242. },
  243. "assemblyrefs": [
  244. {
  245. "version": "2.0.0.0",
  246. "name": "mscorlib"
  247. },
  248. {
  249. "version": "2.0.0.0",
  250. "name": "System.Windows.Forms"
  251. },
  252. {
  253. "version": "2.0.0.0",
  254. "name": "System"
  255. },
  256. {
  257. "version": "2.0.0.0",
  258. "name": "System.Drawing"
  259. }
  260. ],
  261. "typerefs": [
  262. {
  263. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  264. "assembly": "System"
  265. },
  266. {
  267. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  268. "assembly": "System"
  269. },
  270. {
  271. "typename": "System.ComponentModel.EditorBrowsableState",
  272. "assembly": "System"
  273. },
  274. {
  275. "typename": "System.ComponentModel.IContainer",
  276. "assembly": "System"
  277. },
  278. {
  279. "typename": "System.Configuration.ApplicationSettingsBase",
  280. "assembly": "System"
  281. },
  282. {
  283. "typename": "System.Configuration.SettingsBase",
  284. "assembly": "System"
  285. },
  286. {
  287. "typename": "System.Drawing.Point",
  288. "assembly": "System.Drawing"
  289. },
  290. {
  291. "typename": "System.Drawing.Size",
  292. "assembly": "System.Drawing"
  293. },
  294. {
  295. "typename": "System.Drawing.SizeF",
  296. "assembly": "System.Drawing"
  297. },
  298. {
  299. "typename": "System.Windows.Forms.Application",
  300. "assembly": "System.Windows.Forms"
  301. },
  302. {
  303. "typename": "System.Windows.Forms.AutoScaleMode",
  304. "assembly": "System.Windows.Forms"
  305. },
  306. {
  307. "typename": "System.Windows.Forms.Button",
  308. "assembly": "System.Windows.Forms"
  309. },
  310. {
  311. "typename": "System.Windows.Forms.ButtonBase",
  312. "assembly": "System.Windows.Forms"
  313. },
  314. {
  315. "typename": "System.Windows.Forms.CommonDialog",
  316. "assembly": "System.Windows.Forms"
  317. },
  318. {
  319. "typename": "System.Windows.Forms.ContainerControl",
  320. "assembly": "System.Windows.Forms"
  321. },
  322. {
  323. "typename": "System.Windows.Forms.Control",
  324. "assembly": "System.Windows.Forms"
  325. },
  326. {
  327. "typename": "System.Windows.Forms.Control/ControlCollection",
  328. "assembly": "System.Windows.Forms"
  329. },
  330. {
  331. "typename": "System.Windows.Forms.DialogResult",
  332. "assembly": "System.Windows.Forms"
  333. },
  334. {
  335. "typename": "System.Windows.Forms.FileDialog",
  336. "assembly": "System.Windows.Forms"
  337. },
  338. {
  339. "typename": "System.Windows.Forms.Form",
  340. "assembly": "System.Windows.Forms"
  341. },
  342. {
  343. "typename": "System.Windows.Forms.GroupBox",
  344. "assembly": "System.Windows.Forms"
  345. },
  346. {
  347. "typename": "System.Windows.Forms.ListView",
  348. "assembly": "System.Windows.Forms"
  349. },
  350. {
  351. "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
  352. "assembly": "System.Windows.Forms"
  353. },
  354. {
  355. "typename": "System.Windows.Forms.ListViewItem",
  356. "assembly": "System.Windows.Forms"
  357. },
  358. {
  359. "typename": "System.Windows.Forms.OpenFileDialog",
  360. "assembly": "System.Windows.Forms"
  361. },
  362. {
  363. "typename": "System.Windows.Forms.TextBox",
  364. "assembly": "System.Windows.Forms"
  365. },
  366. {
  367. "typename": "System.Windows.Forms.TextBoxBase",
  368. "assembly": "System.Windows.Forms"
  369. },
  370. {
  371. "typename": "System.Action`1",
  372. "assembly": "mscorlib"
  373. },
  374. {
  375. "typename": "System.Activator",
  376. "assembly": "mscorlib"
  377. },
  378. {
  379. "typename": "System.ArgumentNullException",
  380. "assembly": "mscorlib"
  381. },
  382. {
  383. "typename": "System.Array",
  384. "assembly": "mscorlib"
  385. },
  386. {
  387. "typename": "System.Attribute",
  388. "assembly": "mscorlib"
  389. },
  390. {
  391. "typename": "System.BadImageFormatException",
  392. "assembly": "mscorlib"
  393. },
  394. {
  395. "typename": "System.Byte",
  396. "assembly": "mscorlib"
  397. },
  398. {
  399. "typename": "System.Collections.DictionaryEntry",
  400. "assembly": "mscorlib"
  401. },
  402. {
  403. "typename": "System.Collections.Generic.Dictionary`2",
  404. "assembly": "mscorlib"
  405. },
  406. {
  407. "typename": "System.Collections.Generic.IEnumerable`1",
  408. "assembly": "mscorlib"
  409. },
  410. {
  411. "typename": "System.Collections.Generic.IEnumerator`1",
  412. "assembly": "mscorlib"
  413. },
  414. {
  415. "typename": "System.Collections.Generic.List`1",
  416. "assembly": "mscorlib"
  417. },
  418. {
  419. "typename": "System.Collections.Generic.List`1/Enumerator",
  420. "assembly": "mscorlib"
  421. },
  422. {
  423. "typename": "System.Collections.ICollection",
  424. "assembly": "mscorlib"
  425. },
  426. {
  427. "typename": "System.Collections.IDictionaryEnumerator",
  428. "assembly": "mscorlib"
  429. },
  430. {
  431. "typename": "System.Collections.IEnumerable",
  432. "assembly": "mscorlib"
  433. },
  434. {
  435. "typename": "System.Collections.IEnumerator",
  436. "assembly": "mscorlib"
  437. },
  438. {
  439. "typename": "System.Collections.IList",
  440. "assembly": "mscorlib"
  441. },
  442. {
  443. "typename": "System.Delegate",
  444. "assembly": "mscorlib"
  445. },
  446. {
  447. "typename": "System.Diagnostics.DebuggableAttribute",
  448. "assembly": "mscorlib"
  449. },
  450. {
  451. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  452. "assembly": "mscorlib"
  453. },
  454. {
  455. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  456. "assembly": "mscorlib"
  457. },
  458. {
  459. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  460. "assembly": "mscorlib"
  461. },
  462. {
  463. "typename": "System.Environment",
  464. "assembly": "mscorlib"
  465. },
  466. {
  467. "typename": "System.EventArgs",
  468. "assembly": "mscorlib"
  469. },
  470. {
  471. "typename": "System.EventHandler",
  472. "assembly": "mscorlib"
  473. },
  474. {
  475. "typename": "System.Globalization.CultureInfo",
  476. "assembly": "mscorlib"
  477. },
  478. {
  479. "typename": "System.IDisposable",
  480. "assembly": "mscorlib"
  481. },
  482. {
  483. "typename": "System.IO.MemoryStream",
  484. "assembly": "mscorlib"
  485. },
  486. {
  487. "typename": "System.IO.SeekOrigin",
  488. "assembly": "mscorlib"
  489. },
  490. {
  491. "typename": "System.IO.Stream",
  492. "assembly": "mscorlib"
  493. },
  494. {
  495. "typename": "System.IO.StreamReader",
  496. "assembly": "mscorlib"
  497. },
  498. {
  499. "typename": "System.IO.TextReader",
  500. "assembly": "mscorlib"
  501. },
  502. {
  503. "typename": "System.NotSupportedException",
  504. "assembly": "mscorlib"
  505. },
  506. {
  507. "typename": "System.Object",
  508. "assembly": "mscorlib"
  509. },
  510. {
  511. "typename": "System.Predicate`1",
  512. "assembly": "mscorlib"
  513. },
  514. {
  515. "typename": "System.Random",
  516. "assembly": "mscorlib"
  517. },
  518. {
  519. "typename": "System.Reflection.Assembly",
  520. "assembly": "mscorlib"
  521. },
  522. {
  523. "typename": "System.Reflection.AssemblyCompanyAttribute",
  524. "assembly": "mscorlib"
  525. },
  526. {
  527. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  528. "assembly": "mscorlib"
  529. },
  530. {
  531. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  532. "assembly": "mscorlib"
  533. },
  534. {
  535. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  536. "assembly": "mscorlib"
  537. },
  538. {
  539. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  540. "assembly": "mscorlib"
  541. },
  542. {
  543. "typename": "System.Reflection.AssemblyProductAttribute",
  544. "assembly": "mscorlib"
  545. },
  546. {
  547. "typename": "System.Reflection.AssemblyTitleAttribute",
  548. "assembly": "mscorlib"
  549. },
  550. {
  551. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  552. "assembly": "mscorlib"
  553. },
  554. {
  555. "typename": "System.Resources.ResourceManager",
  556. "assembly": "mscorlib"
  557. },
  558. {
  559. "typename": "System.Resources.ResourceSet",
  560. "assembly": "mscorlib"
  561. },
  562. {
  563. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  564. "assembly": "mscorlib"
  565. },
  566. {
  567. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  568. "assembly": "mscorlib"
  569. },
  570. {
  571. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  572. "assembly": "mscorlib"
  573. },
  574. {
  575. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  576. "assembly": "mscorlib"
  577. },
  578. {
  579. "typename": "System.Runtime.InteropServices.GuidAttribute",
  580. "assembly": "mscorlib"
  581. },
  582. {
  583. "typename": "System.RuntimeTypeHandle",
  584. "assembly": "mscorlib"
  585. },
  586. {
  587. "typename": "System.STAThreadAttribute",
  588. "assembly": "mscorlib"
  589. },
  590. {
  591. "typename": "System.Security.UnverifiableCodeAttribute",
  592. "assembly": "mscorlib"
  593. },
  594. {
  595. "typename": "System.Threading.Monitor",
  596. "assembly": "mscorlib"
  597. },
  598. {
  599. "typename": "System.Threading.Thread",
  600. "assembly": "mscorlib"
  601. },
  602. {
  603. "typename": "System.Threading.ThreadStart",
  604. "assembly": "mscorlib"
  605. },
  606. {
  607. "typename": "System.Type",
  608. "assembly": "mscorlib"
  609. }
  610. ]
  611. },
  612. "pe": {
  613. "peid_signatures": null,
  614. "imports": [
  615. {
  616. "imports": [
  617. {
  618. "name": "_CorExeMain",
  619. "address": "0x402000"
  620. }
  621. ],
  622. "dll": "mscoree.dll"
  623. }
  624. ],
  625. "digital_signers": null,
  626. "exported_dll_name": null,
  627. "actual_checksum": "0x0008d5f1",
  628. "overlay": null,
  629. "imagebase": "0x00400000",
  630. "reported_checksum": "0x0008d5f1",
  631. "icon_hash": null,
  632. "entrypoint": "0x00485ade",
  633. "timestamp": "2019-06-23 14:01:26",
  634. "osversion": "4.0",
  635. "sections": [
  636. {
  637. "name": ".text",
  638. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  639. "virtual_address": "0x00002000",
  640. "size_of_data": "0x00083c00",
  641. "entropy": "7.99",
  642. "raw_address": "0x00000200",
  643. "virtual_size": "0x00083ae4",
  644. "characteristics_raw": "0x60000020"
  645. },
  646. {
  647. "name": ".rsrc",
  648. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  649. "virtual_address": "0x00086000",
  650. "size_of_data": "0x00000600",
  651. "entropy": "4.07",
  652. "raw_address": "0x00083e00",
  653. "virtual_size": "0x000005a8",
  654. "characteristics_raw": "0x40000040"
  655. },
  656. {
  657. "name": ".reloc",
  658. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  659. "virtual_address": "0x00088000",
  660. "size_of_data": "0x00000200",
  661. "entropy": "0.10",
  662. "raw_address": "0x00084400",
  663. "virtual_size": "0x0000000c",
  664. "characteristics_raw": "0x42000040"
  665. }
  666. ],
  667. "resources": [],
  668. "dirents": [
  669. {
  670. "virtual_address": "0x00000000",
  671. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  672. "size": "0x00000000"
  673. },
  674. {
  675. "virtual_address": "0x00085a90",
  676. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  677. "size": "0x0000004b"
  678. },
  679. {
  680. "virtual_address": "0x00086000",
  681. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  682. "size": "0x000005a8"
  683. },
  684. {
  685. "virtual_address": "0x00000000",
  686. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  687. "size": "0x00000000"
  688. },
  689. {
  690. "virtual_address": "0x00000000",
  691. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  692. "size": "0x00000000"
  693. },
  694. {
  695. "virtual_address": "0x00088000",
  696. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  697. "size": "0x0000000c"
  698. },
  699. {
  700. "virtual_address": "0x00000000",
  701. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  702. "size": "0x00000000"
  703. },
  704. {
  705. "virtual_address": "0x00000000",
  706. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  707. "size": "0x00000000"
  708. },
  709. {
  710. "virtual_address": "0x00000000",
  711. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  712. "size": "0x00000000"
  713. },
  714. {
  715. "virtual_address": "0x00000000",
  716. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  717. "size": "0x00000000"
  718. },
  719. {
  720. "virtual_address": "0x00000000",
  721. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  722. "size": "0x00000000"
  723. },
  724. {
  725. "virtual_address": "0x00000000",
  726. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  727. "size": "0x00000000"
  728. },
  729. {
  730. "virtual_address": "0x00002000",
  731. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  732. "size": "0x00000008"
  733. },
  734. {
  735. "virtual_address": "0x00000000",
  736. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  737. "size": "0x00000000"
  738. },
  739. {
  740. "virtual_address": "0x00002008",
  741. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  742. "size": "0x00000048"
  743. },
  744. {
  745. "virtual_address": "0x00000000",
  746. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  747. "size": "0x00000000"
  748. }
  749. ],
  750. "exports": [],
  751. "guest_signers": {},
  752. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  753. "icon_fuzzy": null,
  754. "icon": null,
  755. "pdbpath": null,
  756. "imported_dll_count": 1,
  757. "versioninfo": []
  758. }
  759. }
  760.  
  761. [*] Resolved APIs: [
  762. "advapi32.dll.RegOpenKeyExW",
  763. "advapi32.dll.RegQueryInfoKeyW",
  764. "advapi32.dll.RegEnumKeyExW",
  765. "advapi32.dll.RegEnumValueW",
  766. "advapi32.dll.RegCloseKey",
  767. "advapi32.dll.RegQueryValueExW",
  768. "kernel32.dll.QueryActCtxW",
  769. "shlwapi.dll.UrlIsW",
  770. "kernel32.dll.FlsAlloc",
  771. "kernel32.dll.FlsGetValue",
  772. "kernel32.dll.FlsSetValue",
  773. "kernel32.dll.FlsFree",
  774. "kernel32.dll.InitializeCriticalSectionAndSpinCount",
  775. "kernel32.dll.IsProcessorFeaturePresent",
  776. "msvcrt.dll._set_error_mode",
  777. "msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z",
  778. "kernel32.dll.FindActCtxSectionStringW",
  779. "kernel32.dll.GetSystemWindowsDirectoryW",
  780. "mscoree.dll.GetProcessExecutableHeap",
  781. "mscorwks.dll._CorExeMain",
  782. "mscorwks.dll.GetCLRFunction",
  783. "advapi32.dll.RegisterTraceGuidsW",
  784. "advapi32.dll.UnregisterTraceGuids",
  785. "advapi32.dll.GetTraceLoggerHandle",
  786. "advapi32.dll.GetTraceEnableLevel",
  787. "advapi32.dll.GetTraceEnableFlags",
  788. "advapi32.dll.TraceEvent",
  789. "mscoree.dll.IEE",
  790. "mscorwks.dll.IEE",
  791. "mscoree.dll.GetStartupFlags",
  792. "mscoree.dll.GetHostConfigurationFile",
  793. "mscoree.dll.GetCORSystemDirectory",
  794. "ntdll.dll.RtlUnwind",
  795. "kernel32.dll.IsWow64Process",
  796. "advapi32.dll.AllocateAndInitializeSid",
  797. "advapi32.dll.OpenProcessToken",
  798. "advapi32.dll.GetTokenInformation",
  799. "advapi32.dll.InitializeAcl",
  800. "advapi32.dll.AddAccessAllowedAce",
  801. "advapi32.dll.FreeSid",
  802. "kernel32.dll.SetThreadStackGuarantee",
  803. "kernel32.dll.AddVectoredContinueHandler",
  804. "kernel32.dll.RemoveVectoredContinueHandler",
  805. "advapi32.dll.ConvertSidToStringSidW",
  806. "shell32.dll.SHGetFolderPathW",
  807. "kernel32.dll.FlushProcessWriteBuffers",
  808. "kernel32.dll.GetWriteWatch",
  809. "kernel32.dll.ResetWriteWatch",
  810. "kernel32.dll.CreateMemoryResourceNotification",
  811. "kernel32.dll.QueryMemoryResourceNotification",
  812. "ole32.dll.CoInitializeEx",
  813. "cryptbase.dll.SystemFunction036",
  814. "uxtheme.dll.ThemeInitApiHook",
  815. "user32.dll.IsProcessDPIAware",
  816. "ole32.dll.CoGetContextToken",
  817. "kernel32.dll.GetFullPathNameW",
  818. "kernel32.dll.GetVersionExW",
  819. "advapi32.dll.CryptAcquireContextA",
  820. "advapi32.dll.CryptReleaseContext",
  821. "advapi32.dll.CryptCreateHash",
  822. "advapi32.dll.CryptDestroyHash",
  823. "advapi32.dll.CryptHashData",
  824. "advapi32.dll.CryptGetHashParam",
  825. "advapi32.dll.CryptImportKey",
  826. "advapi32.dll.CryptExportKey",
  827. "advapi32.dll.CryptGenKey",
  828. "advapi32.dll.CryptGetKeyParam",
  829. "advapi32.dll.CryptDestroyKey",
  830. "advapi32.dll.CryptVerifySignatureA",
  831. "advapi32.dll.CryptSignHashA",
  832. "advapi32.dll.CryptGetProvParam",
  833. "advapi32.dll.CryptGetUserKey",
  834. "advapi32.dll.CryptEnumProvidersA",
  835. "mscoree.dll.GetMetaDataInternalInterface",
  836. "mscorwks.dll.GetMetaDataInternalInterface",
  837. "mscorjit.dll.getJit",
  838. "uxtheme.dll.IsAppThemed",
  839. "kernel32.dll.CreateActCtxA",
  840. "ole32.dll.CoTaskMemAlloc",
  841. "ole32.dll.CoTaskMemFree",
  842. "user32.dll.RegisterWindowMessageW",
  843. "user32.dll.GetSystemMetrics",
  844. "user32.dll.AdjustWindowRectEx",
  845. "kernel32.dll.GetCurrentProcess",
  846. "kernel32.dll.GetCurrentThread",
  847. "kernel32.dll.DuplicateHandle",
  848. "kernel32.dll.GetCurrentThreadId",
  849. "kernel32.dll.GetCurrentActCtx",
  850. "kernel32.dll.ActivateActCtx",
  851. "kernel32.dll.lstrlen",
  852. "kernel32.dll.lstrlenW",
  853. "kernel32.dll.GetModuleHandleW",
  854. "kernel32.dll.GetProcAddress",
  855. "user32.dll.DefWindowProcW",
  856. "gdi32.dll.GetStockObject",
  857. "kernel32.dll.GetUserDefaultUILanguage",
  858. "user32.dll.RegisterClassW",
  859. "user32.dll.CreateWindowExW",
  860. "user32.dll.SetWindowLongW",
  861. "user32.dll.GetWindowLongW",
  862. "user32.dll.CallWindowProcW",
  863. "user32.dll.GetClientRect",
  864. "user32.dll.GetWindowRect",
  865. "user32.dll.GetParent",
  866. "kernel32.dll.DeactivateActCtx",
  867. "kernel32.dll.GetSystemDefaultLCID",
  868. "gdi32.dll.GetObjectW",
  869. "user32.dll.GetDC",
  870. "kernel32.dll.GetCurrentProcessId",
  871. "kernel32.dll.FindAtomW",
  872. "kernel32.dll.AddAtomW",
  873. "mscoree.dll.LoadLibraryShim",
  874. "gdiplus.dll.GdiplusStartup",
  875. "user32.dll.GetWindowInfo",
  876. "user32.dll.GetAncestor",
  877. "user32.dll.GetMonitorInfoA",
  878. "user32.dll.EnumDisplayMonitors",
  879. "user32.dll.EnumDisplayDevicesA",
  880. "gdi32.dll.ExtTextOutW",
  881. "gdi32.dll.GdiIsMetaPrintDC",
  882. "gdiplus.dll.GdipCreateFontFromLogfontW",
  883. "kernel32.dll.RegOpenKeyExW",
  884. "kernel32.dll.RegQueryInfoKeyA",
  885. "kernel32.dll.RegCloseKey",
  886. "kernel32.dll.RegCreateKeyExW",
  887. "kernel32.dll.RegQueryValueExW",
  888. "kernel32.dll.RegEnumValueW",
  889. "kernel32.dll.RegQueryInfoKeyW",
  890. "mscoree.dll.ND_RI2",
  891. "mscoree.dll.ND_RU1",
  892. "gdiplus.dll.GdipGetFontUnit",
  893. "gdiplus.dll.GdipGetFontSize",
  894. "gdiplus.dll.GdipGetFontStyle",
  895. "gdiplus.dll.GdipGetFamily",
  896. "user32.dll.ReleaseDC",
  897. "gdiplus.dll.GdipCreateFromHDC",
  898. "gdiplus.dll.GdipGetDpiY",
  899. "gdiplus.dll.GdipGetFontHeight",
  900. "gdiplus.dll.GdipGetEmHeight",
  901. "gdiplus.dll.GdipGetLineSpacing",
  902. "gdiplus.dll.GdipDeleteGraphics",
  903. "gdiplus.dll.GdipCreateFont",
  904. "gdiplus.dll.GdipDeleteFont",
  905. "gdiplus.dll.GdipGetLogFontW",
  906. "mscoree.dll.ND_WU1",
  907. "gdi32.dll.CreateFontIndirectW",
  908. "user32.dll.GetProcessWindowStation",
  909. "user32.dll.GetUserObjectInformationA",
  910. "kernel32.dll.SetConsoleCtrlHandler",
  911. "user32.dll.GetClassInfoW",
  912. "user32.dll.GetSysColor",
  913. "gdi32.dll.CreateCompatibleDC",
  914. "gdi32.dll.SelectObject",
  915. "gdi32.dll.GetTextMetricsW",
  916. "gdi32.dll.GetTextExtentPoint32W",
  917. "gdi32.dll.DeleteDC",
  918. "dwmapi.dll.DwmIsCompositionEnabled",
  919. "user32.dll.SetWindowTextW",
  920. "kernel32.dll.GetStartupInfoW",
  921. "gdi32.dll.GetDeviceCaps",
  922. "user32.dll.CreateIconFromResourceEx",
  923. "user32.dll.SendMessageW",
  924. "gdi32.dll.GetLayout",
  925. "gdi32.dll.GdiRealizationInfo",
  926. "gdi32.dll.FontIsLinked",
  927. "gdi32.dll.GetTextFaceAliasW",
  928. "gdi32.dll.GetFontAssocStatus",
  929. "advapi32.dll.RegQueryValueExA",
  930. "user32.dll.GetSystemMenu",
  931. "user32.dll.GetWindowPlacement",
  932. "user32.dll.EnableMenuItem",
  933. "user32.dll.GetWindowTextLengthW",
  934. "user32.dll.GetWindowTextW",
  935. "user32.dll.SetWindowPos",
  936. "user32.dll.RedrawWindow",
  937. "user32.dll.ShowWindow",
  938. "comctl32.dll.InitCommonControlsEx",
  939. "uxtheme.dll.OpenThemeData",
  940. "uxtheme.dll.GetThemeBool",
  941. "uxtheme.dll.IsThemePartDefined",
  942. "comctl32.dll.RegisterClassNameW",
  943. "uxtheme.dll.GetThemeColor",
  944. "uxtheme.dll.GetThemeMargins",
  945. "uxtheme.dll.GetThemeFont",
  946. "user32.dll.GetWindow",
  947. "user32.dll.MapWindowPoints",
  948. "user32.dll.InvalidateRect",
  949. "uxtheme.dll.EnableThemeDialogTexture",
  950. "imm32.dll.ImmIsIME",
  951. "kernel32.dll.SwitchToThread",
  952. "ole32.dll.CoWaitForMultipleHandles",
  953. "ole32.dll.CoUninitialize",
  954. "sechost.dll.LookupAccountNameLocalW",
  955. "advapi32.dll.LookupAccountSidW",
  956. "sechost.dll.LookupAccountSidLocalW",
  957. "cryptsp.dll.CryptAcquireContextW",
  958. "cryptsp.dll.CryptGenRandom",
  959. "ole32.dll.NdrOleInitializeExtension",
  960. "ole32.dll.CoGetClassObject",
  961. "ole32.dll.CoGetMarshalSizeMax",
  962. "ole32.dll.CoMarshalInterface",
  963. "ole32.dll.CoUnmarshalInterface",
  964. "ole32.dll.StringFromIID",
  965. "ole32.dll.CoGetPSClsid",
  966. "ole32.dll.CoCreateInstance",
  967. "ole32.dll.CoReleaseMarshalData",
  968. "ole32.dll.DcomChannelSetHResult",
  969. "rpcrtremote.dll.I_RpcExtInitializeExtensionPoint",
  970. "kernel32.dll.SetErrorMode",
  971. "kernel32.dll.GetFileAttributesExW",
  972. "culture.dll.ConvertLangIdToCultureName",
  973. "bcrypt.dll.BCryptGetFipsAlgorithmMode",
  974. "kernel32.dll.GlobalMemoryStatusEx",
  975. "kernel32.dll.CloseHandle",
  976. "advapi32.dll.LookupPrivilegeValueW",
  977. "advapi32.dll.AdjustTokenPrivileges",
  978. "kernel32.dll.OpenProcess",
  979. "psapi.dll.EnumProcessModules",
  980. "psapi.dll.GetModuleInformation",
  981. "psapi.dll.GetModuleBaseNameW",
  982. "psapi.dll.GetModuleFileNameExW",
  983. "kernel32.dll.GetExitCodeProcess",
  984. "advapi32.dll.LookupPrivilegeValueA",
  985. "advapi32.dll.GetKernelObjectSecurity",
  986. "advapi32.dll.CreateWellKnownSid",
  987. "advapi32.dll.SetKernelObjectSecurity",
  988. "kernel32.dll.DeleteFileA",
  989. "kernel32.dll.QueryPerformanceFrequency",
  990. "kernel32.dll.QueryPerformanceCounter",
  991. "shfolder.dll.SHGetFolderPathW",
  992. "kernel32.dll.CreateDirectoryW",
  993. "kernel32.dll.SetFileAttributesW",
  994. "kernel32.dll.CopyFileW",
  995. "advapi32.dll.RegSetValueExW",
  996. "kernel32.dll.CreateProcessA",
  997. "psapi.dll.EnumProcesses",
  998. "kernel32.dll.GetThreadContext",
  999. "kernel32.dll.ReadProcessMemory",
  1000. "kernel32.dll.VirtualAllocEx",
  1001. "kernel32.dll.TerminateProcess",
  1002. "ntdll.dll.NtQuerySystemInformation",
  1003. "kernel32.dll.OpenThread",
  1004. "kernel32.dll.TerminateThread",
  1005. "kernel32.dll.CreateActCtxW",
  1006. "kernel32.dll.AddRefActCtx",
  1007. "kernel32.dll.ReleaseActCtx",
  1008. "cryptsp.dll.CryptReleaseContext"
  1009. ]
  1010.  
  1011. [*] Static Analysis: {
  1012. "dotnet": {
  1013. "customattrs": null,
  1014. "assemblyinfo": {
  1015. "version": "1.0.0.0",
  1016. "name": "ChTable"
  1017. },
  1018. "assemblyrefs": [
  1019. {
  1020. "version": "2.0.0.0",
  1021. "name": "mscorlib"
  1022. },
  1023. {
  1024. "version": "2.0.0.0",
  1025. "name": "System.Windows.Forms"
  1026. },
  1027. {
  1028. "version": "2.0.0.0",
  1029. "name": "System"
  1030. },
  1031. {
  1032. "version": "2.0.0.0",
  1033. "name": "System.Drawing"
  1034. }
  1035. ],
  1036. "typerefs": [
  1037. {
  1038. "typename": "System.CodeDom.Compiler.GeneratedCodeAttribute",
  1039. "assembly": "System"
  1040. },
  1041. {
  1042. "typename": "System.ComponentModel.EditorBrowsableAttribute",
  1043. "assembly": "System"
  1044. },
  1045. {
  1046. "typename": "System.ComponentModel.EditorBrowsableState",
  1047. "assembly": "System"
  1048. },
  1049. {
  1050. "typename": "System.ComponentModel.IContainer",
  1051. "assembly": "System"
  1052. },
  1053. {
  1054. "typename": "System.Configuration.ApplicationSettingsBase",
  1055. "assembly": "System"
  1056. },
  1057. {
  1058. "typename": "System.Configuration.SettingsBase",
  1059. "assembly": "System"
  1060. },
  1061. {
  1062. "typename": "System.Drawing.Point",
  1063. "assembly": "System.Drawing"
  1064. },
  1065. {
  1066. "typename": "System.Drawing.Size",
  1067. "assembly": "System.Drawing"
  1068. },
  1069. {
  1070. "typename": "System.Drawing.SizeF",
  1071. "assembly": "System.Drawing"
  1072. },
  1073. {
  1074. "typename": "System.Windows.Forms.Application",
  1075. "assembly": "System.Windows.Forms"
  1076. },
  1077. {
  1078. "typename": "System.Windows.Forms.AutoScaleMode",
  1079. "assembly": "System.Windows.Forms"
  1080. },
  1081. {
  1082. "typename": "System.Windows.Forms.Button",
  1083. "assembly": "System.Windows.Forms"
  1084. },
  1085. {
  1086. "typename": "System.Windows.Forms.ButtonBase",
  1087. "assembly": "System.Windows.Forms"
  1088. },
  1089. {
  1090. "typename": "System.Windows.Forms.CommonDialog",
  1091. "assembly": "System.Windows.Forms"
  1092. },
  1093. {
  1094. "typename": "System.Windows.Forms.ContainerControl",
  1095. "assembly": "System.Windows.Forms"
  1096. },
  1097. {
  1098. "typename": "System.Windows.Forms.Control",
  1099. "assembly": "System.Windows.Forms"
  1100. },
  1101. {
  1102. "typename": "System.Windows.Forms.Control/ControlCollection",
  1103. "assembly": "System.Windows.Forms"
  1104. },
  1105. {
  1106. "typename": "System.Windows.Forms.DialogResult",
  1107. "assembly": "System.Windows.Forms"
  1108. },
  1109. {
  1110. "typename": "System.Windows.Forms.FileDialog",
  1111. "assembly": "System.Windows.Forms"
  1112. },
  1113. {
  1114. "typename": "System.Windows.Forms.Form",
  1115. "assembly": "System.Windows.Forms"
  1116. },
  1117. {
  1118. "typename": "System.Windows.Forms.GroupBox",
  1119. "assembly": "System.Windows.Forms"
  1120. },
  1121. {
  1122. "typename": "System.Windows.Forms.ListView",
  1123. "assembly": "System.Windows.Forms"
  1124. },
  1125. {
  1126. "typename": "System.Windows.Forms.ListView/ListViewItemCollection",
  1127. "assembly": "System.Windows.Forms"
  1128. },
  1129. {
  1130. "typename": "System.Windows.Forms.ListViewItem",
  1131. "assembly": "System.Windows.Forms"
  1132. },
  1133. {
  1134. "typename": "System.Windows.Forms.OpenFileDialog",
  1135. "assembly": "System.Windows.Forms"
  1136. },
  1137. {
  1138. "typename": "System.Windows.Forms.TextBox",
  1139. "assembly": "System.Windows.Forms"
  1140. },
  1141. {
  1142. "typename": "System.Windows.Forms.TextBoxBase",
  1143. "assembly": "System.Windows.Forms"
  1144. },
  1145. {
  1146. "typename": "System.Action`1",
  1147. "assembly": "mscorlib"
  1148. },
  1149. {
  1150. "typename": "System.Activator",
  1151. "assembly": "mscorlib"
  1152. },
  1153. {
  1154. "typename": "System.ArgumentNullException",
  1155. "assembly": "mscorlib"
  1156. },
  1157. {
  1158. "typename": "System.Array",
  1159. "assembly": "mscorlib"
  1160. },
  1161. {
  1162. "typename": "System.Attribute",
  1163. "assembly": "mscorlib"
  1164. },
  1165. {
  1166. "typename": "System.BadImageFormatException",
  1167. "assembly": "mscorlib"
  1168. },
  1169. {
  1170. "typename": "System.Byte",
  1171. "assembly": "mscorlib"
  1172. },
  1173. {
  1174. "typename": "System.Collections.DictionaryEntry",
  1175. "assembly": "mscorlib"
  1176. },
  1177. {
  1178. "typename": "System.Collections.Generic.Dictionary`2",
  1179. "assembly": "mscorlib"
  1180. },
  1181. {
  1182. "typename": "System.Collections.Generic.IEnumerable`1",
  1183. "assembly": "mscorlib"
  1184. },
  1185. {
  1186. "typename": "System.Collections.Generic.IEnumerator`1",
  1187. "assembly": "mscorlib"
  1188. },
  1189. {
  1190. "typename": "System.Collections.Generic.List`1",
  1191. "assembly": "mscorlib"
  1192. },
  1193. {
  1194. "typename": "System.Collections.Generic.List`1/Enumerator",
  1195. "assembly": "mscorlib"
  1196. },
  1197. {
  1198. "typename": "System.Collections.ICollection",
  1199. "assembly": "mscorlib"
  1200. },
  1201. {
  1202. "typename": "System.Collections.IDictionaryEnumerator",
  1203. "assembly": "mscorlib"
  1204. },
  1205. {
  1206. "typename": "System.Collections.IEnumerable",
  1207. "assembly": "mscorlib"
  1208. },
  1209. {
  1210. "typename": "System.Collections.IEnumerator",
  1211. "assembly": "mscorlib"
  1212. },
  1213. {
  1214. "typename": "System.Collections.IList",
  1215. "assembly": "mscorlib"
  1216. },
  1217. {
  1218. "typename": "System.Delegate",
  1219. "assembly": "mscorlib"
  1220. },
  1221. {
  1222. "typename": "System.Diagnostics.DebuggableAttribute",
  1223. "assembly": "mscorlib"
  1224. },
  1225. {
  1226. "typename": "System.Diagnostics.DebuggableAttribute/DebuggingModes",
  1227. "assembly": "mscorlib"
  1228. },
  1229. {
  1230. "typename": "System.Diagnostics.DebuggerHiddenAttribute",
  1231. "assembly": "mscorlib"
  1232. },
  1233. {
  1234. "typename": "System.Diagnostics.DebuggerNonUserCodeAttribute",
  1235. "assembly": "mscorlib"
  1236. },
  1237. {
  1238. "typename": "System.Environment",
  1239. "assembly": "mscorlib"
  1240. },
  1241. {
  1242. "typename": "System.EventArgs",
  1243. "assembly": "mscorlib"
  1244. },
  1245. {
  1246. "typename": "System.EventHandler",
  1247. "assembly": "mscorlib"
  1248. },
  1249. {
  1250. "typename": "System.Globalization.CultureInfo",
  1251. "assembly": "mscorlib"
  1252. },
  1253. {
  1254. "typename": "System.IDisposable",
  1255. "assembly": "mscorlib"
  1256. },
  1257. {
  1258. "typename": "System.IO.MemoryStream",
  1259. "assembly": "mscorlib"
  1260. },
  1261. {
  1262. "typename": "System.IO.SeekOrigin",
  1263. "assembly": "mscorlib"
  1264. },
  1265. {
  1266. "typename": "System.IO.Stream",
  1267. "assembly": "mscorlib"
  1268. },
  1269. {
  1270. "typename": "System.IO.StreamReader",
  1271. "assembly": "mscorlib"
  1272. },
  1273. {
  1274. "typename": "System.IO.TextReader",
  1275. "assembly": "mscorlib"
  1276. },
  1277. {
  1278. "typename": "System.NotSupportedException",
  1279. "assembly": "mscorlib"
  1280. },
  1281. {
  1282. "typename": "System.Object",
  1283. "assembly": "mscorlib"
  1284. },
  1285. {
  1286. "typename": "System.Predicate`1",
  1287. "assembly": "mscorlib"
  1288. },
  1289. {
  1290. "typename": "System.Random",
  1291. "assembly": "mscorlib"
  1292. },
  1293. {
  1294. "typename": "System.Reflection.Assembly",
  1295. "assembly": "mscorlib"
  1296. },
  1297. {
  1298. "typename": "System.Reflection.AssemblyCompanyAttribute",
  1299. "assembly": "mscorlib"
  1300. },
  1301. {
  1302. "typename": "System.Reflection.AssemblyConfigurationAttribute",
  1303. "assembly": "mscorlib"
  1304. },
  1305. {
  1306. "typename": "System.Reflection.AssemblyCopyrightAttribute",
  1307. "assembly": "mscorlib"
  1308. },
  1309. {
  1310. "typename": "System.Reflection.AssemblyDescriptionAttribute",
  1311. "assembly": "mscorlib"
  1312. },
  1313. {
  1314. "typename": "System.Reflection.AssemblyFileVersionAttribute",
  1315. "assembly": "mscorlib"
  1316. },
  1317. {
  1318. "typename": "System.Reflection.AssemblyProductAttribute",
  1319. "assembly": "mscorlib"
  1320. },
  1321. {
  1322. "typename": "System.Reflection.AssemblyTitleAttribute",
  1323. "assembly": "mscorlib"
  1324. },
  1325. {
  1326. "typename": "System.Reflection.AssemblyTrademarkAttribute",
  1327. "assembly": "mscorlib"
  1328. },
  1329. {
  1330. "typename": "System.Resources.ResourceManager",
  1331. "assembly": "mscorlib"
  1332. },
  1333. {
  1334. "typename": "System.Resources.ResourceSet",
  1335. "assembly": "mscorlib"
  1336. },
  1337. {
  1338. "typename": "System.Runtime.CompilerServices.CompilationRelaxationsAttribute",
  1339. "assembly": "mscorlib"
  1340. },
  1341. {
  1342. "typename": "System.Runtime.CompilerServices.CompilerGeneratedAttribute",
  1343. "assembly": "mscorlib"
  1344. },
  1345. {
  1346. "typename": "System.Runtime.CompilerServices.RuntimeCompatibilityAttribute",
  1347. "assembly": "mscorlib"
  1348. },
  1349. {
  1350. "typename": "System.Runtime.InteropServices.ComVisibleAttribute",
  1351. "assembly": "mscorlib"
  1352. },
  1353. {
  1354. "typename": "System.Runtime.InteropServices.GuidAttribute",
  1355. "assembly": "mscorlib"
  1356. },
  1357. {
  1358. "typename": "System.RuntimeTypeHandle",
  1359. "assembly": "mscorlib"
  1360. },
  1361. {
  1362. "typename": "System.STAThreadAttribute",
  1363. "assembly": "mscorlib"
  1364. },
  1365. {
  1366. "typename": "System.Security.UnverifiableCodeAttribute",
  1367. "assembly": "mscorlib"
  1368. },
  1369. {
  1370. "typename": "System.Threading.Monitor",
  1371. "assembly": "mscorlib"
  1372. },
  1373. {
  1374. "typename": "System.Threading.Thread",
  1375. "assembly": "mscorlib"
  1376. },
  1377. {
  1378. "typename": "System.Threading.ThreadStart",
  1379. "assembly": "mscorlib"
  1380. },
  1381. {
  1382. "typename": "System.Type",
  1383. "assembly": "mscorlib"
  1384. }
  1385. ]
  1386. },
  1387. "pe": {
  1388. "peid_signatures": null,
  1389. "imports": [
  1390. {
  1391. "imports": [
  1392. {
  1393. "name": "_CorExeMain",
  1394. "address": "0x402000"
  1395. }
  1396. ],
  1397. "dll": "mscoree.dll"
  1398. }
  1399. ],
  1400. "digital_signers": null,
  1401. "exported_dll_name": null,
  1402. "actual_checksum": "0x0008d5f1",
  1403. "overlay": null,
  1404. "imagebase": "0x00400000",
  1405. "reported_checksum": "0x0008d5f1",
  1406. "icon_hash": null,
  1407. "entrypoint": "0x00485ade",
  1408. "timestamp": "2019-06-23 14:01:26",
  1409. "osversion": "4.0",
  1410. "sections": [
  1411. {
  1412. "name": ".text",
  1413. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1414. "virtual_address": "0x00002000",
  1415. "size_of_data": "0x00083c00",
  1416. "entropy": "7.99",
  1417. "raw_address": "0x00000200",
  1418. "virtual_size": "0x00083ae4",
  1419. "characteristics_raw": "0x60000020"
  1420. },
  1421. {
  1422. "name": ".rsrc",
  1423. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1424. "virtual_address": "0x00086000",
  1425. "size_of_data": "0x00000600",
  1426. "entropy": "4.07",
  1427. "raw_address": "0x00083e00",
  1428. "virtual_size": "0x000005a8",
  1429. "characteristics_raw": "0x40000040"
  1430. },
  1431. {
  1432. "name": ".reloc",
  1433. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1434. "virtual_address": "0x00088000",
  1435. "size_of_data": "0x00000200",
  1436. "entropy": "0.10",
  1437. "raw_address": "0x00084400",
  1438. "virtual_size": "0x0000000c",
  1439. "characteristics_raw": "0x42000040"
  1440. }
  1441. ],
  1442. "resources": [],
  1443. "dirents": [
  1444. {
  1445. "virtual_address": "0x00000000",
  1446. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1447. "size": "0x00000000"
  1448. },
  1449. {
  1450. "virtual_address": "0x00085a90",
  1451. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1452. "size": "0x0000004b"
  1453. },
  1454. {
  1455. "virtual_address": "0x00086000",
  1456. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1457. "size": "0x000005a8"
  1458. },
  1459. {
  1460. "virtual_address": "0x00000000",
  1461. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1462. "size": "0x00000000"
  1463. },
  1464. {
  1465. "virtual_address": "0x00000000",
  1466. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1467. "size": "0x00000000"
  1468. },
  1469. {
  1470. "virtual_address": "0x00088000",
  1471. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1472. "size": "0x0000000c"
  1473. },
  1474. {
  1475. "virtual_address": "0x00000000",
  1476. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1477. "size": "0x00000000"
  1478. },
  1479. {
  1480. "virtual_address": "0x00000000",
  1481. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1482. "size": "0x00000000"
  1483. },
  1484. {
  1485. "virtual_address": "0x00000000",
  1486. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1487. "size": "0x00000000"
  1488. },
  1489. {
  1490. "virtual_address": "0x00000000",
  1491. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1492. "size": "0x00000000"
  1493. },
  1494. {
  1495. "virtual_address": "0x00000000",
  1496. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1497. "size": "0x00000000"
  1498. },
  1499. {
  1500. "virtual_address": "0x00000000",
  1501. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1502. "size": "0x00000000"
  1503. },
  1504. {
  1505. "virtual_address": "0x00002000",
  1506. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1507. "size": "0x00000008"
  1508. },
  1509. {
  1510. "virtual_address": "0x00000000",
  1511. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1512. "size": "0x00000000"
  1513. },
  1514. {
  1515. "virtual_address": "0x00002008",
  1516. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1517. "size": "0x00000048"
  1518. },
  1519. {
  1520. "virtual_address": "0x00000000",
  1521. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1522. "size": "0x00000000"
  1523. }
  1524. ],
  1525. "exports": [],
  1526. "guest_signers": {},
  1527. "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
  1528. "icon_fuzzy": null,
  1529. "icon": null,
  1530. "pdbpath": null,
  1531. "imported_dll_count": 1,
  1532. "versioninfo": []
  1533. }
  1534. }