moshsrv

locky 04-10-2017

Oct 4th, 2017
  1. Completed Time | Severity | File Name | MD5 | File Size | Source IP
  2. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 196.44.108.181
  3. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 139.193.73.131
  4. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 191.253.81.10
  5. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 125.212.128.254
  6. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 122.163.71.252
  7. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 171.232.36.51
  8. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 14.230.154.196
  9. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 113.162.238.48
  10. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 37.156.131.88
  11. 2017-10-03 22:31 Very High DOC672.js C40BE65C4E1A438657D16944D7B9CD58 14389 62.82.138.210
  12. 2017-10-04 06:28 High DOC503.js 469D5F99901084CCFBA022064F68D594 13638 41.164.30.202
  13. 2017-10-04 06:16 Very High DOC831.js 39C5BB976CD0342D4B0D078B12B9A738 14414 128.65.254.64
  14. 2017-10-04 06:17 Very High DOC831.js 39C5BB976CD0342D4B0D078B12B9A738 14414 122.164.123.169
  15. 2017-10-04 06:22 Very High DOC345.js 8E8C7746121B291280370FB4E0E60E01 13895 42.118.197.235
  16. 2017-10-04 06:22 Very High DOC345.js 8E8C7746121B291280370FB4E0E60E01 13895 27.69.138.227
  17. 2017-10-04 06:25 Very High DOC264.js 07113A5D0B1461B0A3E98E7984ACA958 13640 116.103.94.248
  18. 2017-10-04 06:17 Very High DOC831.js 39C5BB976CD0342D4B0D078B12B9A738 14414 61.2.37.129
  19. 2017-10-03 21:25 Very High DOC514.js 49D64B3065E4CB13E78385CAD047BF96 15077 109.49.54.115
  20. 2017-10-03 22:30 Very High DOC827.js 91F23B31E9DA6ADDAE8756C5C141FB9B 14120 190.157.164.94
  21. 2017-10-03 21:25 Very High DOC514.js 49D64B3065E4CB13E78385CAD047BF96 15077 5.250.5.227
  22. 2017-10-03 21:25 Very High DOC514.js 49D64B3065E4CB13E78385CAD047BF96 15077 115.248.107.33
  23. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 41.228.14.215
  24. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 113.161.212.224
  25. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 62.150.168.194
  26. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 189.211.213.221
  27. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 189.193.41.117
  28. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 139.228.206.54
  29. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 167.63.70.243
  30. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 14.234.90.89
  31. 2017-10-03 23:39 Very High DOC954.js 548F6C5D41C0CB8E7D62A733A88697F5 15104 197.2.79.25
  32. 2017-10-03 23:40 Very High PDF608.js F721752FC1D51041B53B60C1335538F7 13637 113.163.187.102
  33. 2017-10-03 23:40 Very High PDF608.js F721752FC1D51041B53B60C1335538F7 13637 42.117.70.62
  34. 2017-10-03 23:40 Very High PDF608.js F721752FC1D51041B53B60C1335538F7 13637 116.100.40.88
  35. 2017-10-03 23:40 Very High PDF608.js F721752FC1D51041B53B60C1335538F7 13637 167.58.201.86
  36. 2017-10-04 04:07 Very High DOC948.js C584FE8B114DACCF4AFCFF8A2C554B76 13632 113.165.244.219
  37. 2017-10-04 05:08 Very High PDF204.js 52CCF65163B4298BDA9C9FAA01AA0B2C 14120 182.16.158.18
  38. 2017-10-04 04:07 Very High DOC948.js C584FE8B114DACCF4AFCFF8A2C554B76 13632 177.232.19.136
  39. 2017-10-04 04:04 Very High PDF912.js 8F93EBB8495C9227800D8E7EB5949A4C 14869 171.232.166.104
  40. 2017-10-04 04:05 Very High DOC548.js F5DC6364CDD81CC241EB44F62E576C2F 13656 36.66.39.154
  41. 2017-10-04 05:10 Very High DOC888.js 79A348807FEB4CFD75C1BF346E4F5528 13907 2.185.178.142
  42. 2017-10-04 05:10 Very High DOC888.js 79A348807FEB4CFD75C1BF346E4F5528 13907 177.228.71.139
  43. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 201.67.51.117
  44. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 106.219.118.66
  45. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 5.202.84.86
  46. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 78.130.212.76
  47. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 190.204.181.120
  48. 2017-10-03 22:34 Very High DOC127.js 5E995D14889F4FEAB345AD8FC236C7E8 14357 187.3.70.81
  49.  
  50. ********************************************************************
  51. FileAlyzer © 2003-2011 Safer-Networking Ltd. All Rights Reserved.
  52. ********************************************************************
  53.  
  54.  
  55. File: C:\Users\x\Desktop\ppdf\UDqQmLVi2.exe
  56. Date: 04-10-2017 09:06:12
  57.  
  58.  
  59. &OpenSBI
  60. ========================================
  61. Advanced file parameters
  62. ----------------------------------------
  63.  
  64. &General
  65. ----------------------------------------
  66. filename: UDqQmLVi2.exe
  67. filepath: C:\Users\x\Desktop\ppdf\
  68. filesize: 588800
  69. timestamp[file]: 2017-10-04 07:39:34
  70. timestampraw[file]: 4B443CF1
  71. age[file]: 0
  72. attribs: A+D-H-L-R-S-
  73. attribs: A+
  74. attribs: D-H-L-R-S-
  75. filetype: PE
  76. crc32: B9E39A64
  77. md5: B75BD60DC3686FE62EB4A4A8372BE966
  78. sha1: 68FC9C06DEC69B161E940C385DD1B229F4F972B2
  79. crc32[file]: B9E39A64
  80. md5[file]: B75BD60DC3686FE62EB4A4A8372BE966
  81. sha1[file]: 68FC9C06DEC69B161E940C385DD1B229F4F972B2
  82.  
  83. MZ Header
  84. ----------------------------------------
  85. lastpagesize[mzheader]: 144
  86. totalpagecount[mzheader]: 3
  87. relocationitems[mzheader]: 0
  88. paragraphs[mzheader]: 4
  89. mininumextraparagraphs[mzdosheader]: 0
  90. maximumextraparagraphs[mzdosheader]: 65535
  91. initialstacksegment[mzdosheader]: 0000
  92. initialstackpointer[mzdosheader]: 00B8
  93. initialinstructionpointer[mzdosheader]: 0000
  94. initialcodesegment[mzdosheader]: 0000
  95. relocationtableoffset[mzdosheader]: 0040
  96. overlaynumber[mzdosheader]: 0
  97. peheaderpointer[mzdosheader]: 00000080
  98.  
  99. PE Header
  100. ----------------------------------------
  101. machine[peheader]: 014C
  102. sectioncount[peheader]: 4
  103. symboltablepointer[peheader]: 00000000
  104. symbolcount[peheader]: 0
  105. optionalheadersize[peheader]: 224
  106. characteristics[peheader]: 0313
  107. timestamp[peheader]: 2016-07-15 19:02:29
  108. timestampraw[peheader]: 57893345
  109. entrypoint[peheader]: 00002AFE
  110. codesize[peheader]: 42496
  111. initializeddatasize[peheader]: 545280
  112. uninitializeddatasize[peheader]: 0
  113. codebase[peheader]: 00001000
  114. database[peheader]: 0000C000
  115. checksum[peheader]: 0009BB22
  116. linkerversion[peheader]: 12.0
  117. imagebase[peheader]: 00400000
  118. sectionalignment[peheader]: 00001000
  119. filealignment[peheader]: 00000200
  120. osversion[peheader]: 5.1
  121. imageversion[peheader]: 0.0
  122. subsystemversion[peheader]: 5.1
  123. win32version[peheader]: 00000000
  124. imagesize[peheader]: 602112
  125. headerssize[peheader]: 1024
  126. subsystem[peheader]: 0002
  127. dllcharacteristics[peheader]: 8100
  128. stackreservesize[peheader]: 1048576
  129. stackcommitsize[peheader]: 4096
  130. heapreservesize[peheader]: 1048576
  131. heapcommitsize[peheader]: 4096
  132. loaderflags[peheader]: 00000000
  133. rvaandsizescount[peheader]: 16
  134. boundimportdiraddress[peheader]: 00000000
  135. boundimportdirsize[peheader]: 0
  136. comdescriptordiraddress[peheader]: 00000000
  137. comdescriptordirsize[peheader]: 0
  138. coprightdiraddress[peheader]: 00000000
  139. coprightdirsize[peheader]: 0
  140. debugdiraddress[peheader]: 00000000
  141. debugdirsize[peheader]: 0
  142. delayimportdiraddress[peheader]: 00000000
  143. delayimportdirsize[peheader]: 0
  144. exceptiondiraddress[peheader]: 00000000
  145. exceptiondirsize[peheader]: 0
  146. exportdiraddress[peheader]: 00000000
  147. exportdirsize[peheader]: 0
  148. globalptrdiraddress[peheader]: 00000000
  149. globalptrdirsize[peheader]: 0
  150. iatdiraddress[peheader]: 0000B3DC
  151. iatdirsize[peheader]: 168
  152. importdiraddress[peheader]: 0000C038
  153. importdirsize[peheader]: 120
  154. loadconfigdiraddress[peheader]: 00000000
  155. loadconfigdirsize[peheader]: 0
  156. relocationdiraddress[peheader]: 00090018
  157. relocationdirsize[peheader]: 4452
  158. resourcediraddress[peheader]: 00092000
  159. resourcedirsize[peheader]: 3120
  160. securitydiraddress[peheader]: 00000000
  161. securitydirsize[peheader]: 0
  162. tlsdiraddress[peheader]: 00000000
  163. tlsdirsize[peheader]: 0
  164.  
  165. PE Sections
  166. ----------------------------------------
  167. size[section]: .text-42496
  168. size[sectionindex]: 0-42496
  169. md5[section]: .text-069556B5B990003155495C1A5CAAEB8D
  170. md5[sectionindex]: 0-069556B5B990003155495C1A5CAAEB8D
  171. physicaladdress[section]: .text-00000400
  172. physicalsize[section]: .text-0000A600
  173. virtualaddress[section]: .text-00001000
  174. virtualsize[section]: .text-0000A484
  175. characteristics[section]: .text-60000020
  176. physicaladdress[sectionindex]: 0-00000400
  177. physicalsize[sectionindex]: 0-0000A600
  178. virtualaddress[sectionindex]: 0-00001000
  179. virtualsize[sectionindex]: 0-0000A484
  180. characteristics[sectionindex]: 0-60000020
  181. size[section]: .rdata-4608
  182. size[sectionindex]: 1-4608
  183. md5[section]: .rdata-7A8F7FA4988FFE8028B3726676C4084E
  184. md5[sectionindex]: 1-7A8F7FA4988FFE8028B3726676C4084E
  185. physicaladdress[section]: .rdata-0000AA00
  186. physicalsize[section]: .rdata-00001200
  187. virtualaddress[section]: .rdata-0000C000
  188. virtualsize[section]: .rdata-00001016
  189. characteristics[section]: .rdata-40000040
  190. physicaladdress[sectionindex]: 1-0000AA00
  191. physicalsize[sectionindex]: 1-00001200
  192. virtualaddress[sectionindex]: 1-0000C000
  193. virtualsize[sectionindex]: 1-00001016
  194. characteristics[sectionindex]: 1-40000040
  195. size[section]: .data-537088
  196. size[sectionindex]: 2-537088
  197. md5[section]: .data-34A9A327DE2337F8CE5F91B435543016
  198. md5[sectionindex]: 2-34A9A327DE2337F8CE5F91B435543016
  199. physicaladdress[section]: .data-0000BC00
  200. physicalsize[section]: .data-00083200
  201. virtualaddress[section]: .data-0000E000
  202. virtualsize[section]: .data-0008317C
  203. characteristics[section]: .data-C0000040
  204. physicaladdress[sectionindex]: 2-0000BC00
  205. physicalsize[sectionindex]: 2-00083200
  206. virtualaddress[sectionindex]: 2-0000E000
  207. virtualsize[sectionindex]: 2-0008317C
  208. characteristics[sectionindex]: 2-C0000040
  209. size[section]: .rsrc-3584
  210. size[sectionindex]: 3-3584
  211. md5[section]: .rsrc-1220B27A184FD8B44DE43104D74FE53A
  212. md5[sectionindex]: 3-1220B27A184FD8B44DE43104D74FE53A
  213. physicaladdress[section]: .rsrc-0008EE00
  214. physicalsize[section]: .rsrc-00000E00
  215. virtualaddress[section]: .rsrc-00092000
  216. virtualsize[section]: .rsrc-00000C30
  217. characteristics[section]: .rsrc-40000040
  218. physicaladdress[sectionindex]: 3-0008EE00
  219. physicalsize[sectionindex]: 3-00000E00
  220. virtualaddress[sectionindex]: 3-00092000
  221. virtualsize[sectionindex]: 3-00000C30
  222. characteristics[sectionindex]: 3-40000040
  223. size[sections]: 587776
  224. md5[sections]: 53410251E93BDA01E990C8F5D45660E0
  225. crc32[sections]: 490A823C
  226.  
  227. PE Exports
  228. ----------------------------------------
  229. md5[exports]: D41D8CD98F00B204E9800998ECF8427E
  230.  
  231.  
  232. Streams
  233. ========================================
  234. Invalid
  235. ----------------------------------------
  236.  
  237. Standard
  238. ----------------------------------------
  239. : 588800
  240.  
  241. Extended Attribute
  242. ----------------------------------------
  243.  
  244. Security
  245. ----------------------------------------
  246. : 152
  247.  
  248. Alternate
  249. ----------------------------------------
  250.  
  251. Hard link
  252. ----------------------------------------
  253.  
  254. Property
  255. ----------------------------------------
  256.  
  257. Object identifier
  258. ----------------------------------------
  259.  
  260. Reparse points
  261. ----------------------------------------
  262.  
  263. Sparse file
  264. ----------------------------------------
  265.  
  266.  
  267. Security
  268. ========================================
  269. SYSTEM (NT AUTHORITY)
  270. ----------------------------------------
  271. ACE Type: ACCESS_ALLOWED_ACE_TYPE
  272. Rights: FILE_ALL_ACCESS
  273.  
  274. Administrators (BUILTIN)
  275. ----------------------------------------
  276. ACE Type: ACCESS_ALLOWED_ACE_TYPE
  277. Rights: FILE_ALL_ACCESS
  278.  
  279. x (x-PC)
  280. ----------------------------------------
  281. ACE Type: ACCESS_ALLOWED_ACE_TYPE
  282. Rights: FILE_ALL_ACCESS
  283.  
  284.  
  285. Hashes
  286. ========================================
  287. Cyclic redundancy check
  288. ----------------------------------------
  289. CRC-32: Cyclic redundancy check, 32 bit: B9E39A64
  290.  
  291. Message-Digest algorithm
  292. ----------------------------------------
  293. MD5: Message-Digest algorithm 5: B75BD60DC3686FE62EB4A4A8372BE966
  294.  
  295. US Secure Hash Algorithm
  296. ----------------------------------------
  297. SHA-1: US Secure Hash Algorithm 1: 68FC9C06DEC69B161E940C385DD1B229F4F972B2
  298.  
  299. RACE Integrity Primitives Evaluation MD
  300. ----------------------------------------
  301.  
  302. HAVAL
  303. ----------------------------------------
  304.  
  305. Sapphire
  306. ----------------------------------------
  307.  
  308. Other
  309. ----------------------------------------
  310.  
  311. Other
  312. ----------------------------------------
  313.  
  314.  
  315. MZ Header
  316. ========================================
  317. MZ header
  318. ----------------------------------------
  319. Signature: 5A4D
  320. Last Page Size: 0090
  321. Total Pages In File: 0003
  322. Relocation Items: 0000
  323. Paragraphs: 0004
  324.  
  325. MZ DOS header
  326. ----------------------------------------
  327. Min Extra Paragraphs: 0000
  328. Max Extra Paragraphs: FFFF
  329. Initial Stack Segment: 0000
  330. Initial Stack Pointer: 00B8
  331. Checksum for Header: 0000
  332. Initial Instruction Pointer: 0000
  333. Initial Code Segment: 0000
  334. Relocation Table Offset: 0040
  335. Overlay Number: 00000
  336. Reserved #0: 00000000
  337. Reserved #1: 00000000
  338. Reserved #2: 00000000
  339. Reserved #3: 00000000
  340. Reserved #4: 00000000
  341. Reserved #5: 00000000
  342. Reserved #6: 00000000
  343. Reserved #7: 00000000
  344. PE Header Pointer: 00000080
  345.  
  346.  
  347. PE Header
  348. ========================================
  349. PE header
  350. ----------------------------------------
  351. Signature: 00004550
  352. Machine: 014C, Intel 386
  353. Number of sections: 0004
  354. Time/Date stamp (local): 57893345, 2016-07-15 20:02:29
  355. Time/Date stamp (UTC): 57893345, 2016-07-15 19:02:29
  356. Pointer to symbol table: 00000000
  357. Number of symbols: 00000000
  358. Size of optional header: 00E0
  359. Characteristics: 0313, Relocs Stripped, Executable, Aggressive Trim, 32bit Machine Expected, Debug Data Stripped
  360.  
  361. PE32 optional header
  362. ----------------------------------------
  363. Magic: 010B
  364. Version of Linker (major): 0C
  365. Version of Linker (minor): 00
  366. Size of code: 0000A600
  367. Size of initialized data: 00085200
  368. Size of uninitialized data: 00000000
  369. Address of entry point: 00002AFE
  370. Base of code: 00001000
  371. Base of data: 0000C000
  372. Image base: 00400000
  373. Section alignment: 00001000
  374. File alignment: 00000200
  375. OS version (major): 0005, Windows XP
  376. OS version (minor): 0001
  377. Image version (major): 0000
  378. Image version (minor): 0000
  379. Sub system version (major): 0005
  380. Sub system version (minor): 0001
  381. Win32 version: 00000000
  382. Size of image: 00093000
  383. Size of headers: 00000400
  384. Checksum: 0009BB22, does match file contents
  385. Sub system: 0002, Windows graphical user interface (GUI) subsystem
  386. DLL characteristics: 8100, NX compatible
  387. Size of stack reserve: 00100000
  388. Size of stack commit: 00001000
  389. Size of heap reserve: 00100000
  390. Size of heap commit: 00001000
  391. Loader flags: 00000000
  392. Number of RVA: 00000010
  393.  
  394. PE32+ optional header
  395. ----------------------------------------
  396.  
  397. PE32/PE32+ optional directories
  398. ----------------------------------------
  399. Export Directory Address: 00000000
  400. Export Directory Size: 00000000
  401. Import Directory Address: 0000C038
  402. Import Directory Size: 00000078
  403. Resource Directory Address: 00092000
  404. Resource Directory Size: 00000C30
  405. Exception Directory Address: 00000000
  406. Exception Directory Size: 00000000
  407. Security Directory Address: 00000000
  408. Security Directory Size: 00000000
  409. Relocation Directory Address: 00090018
  410. Relocation Directory Size: 00001164
  411. Debug Directory Address: 00000000
  412. Debug Directory Size: 00000000
  413. Coypright Directory Address: 00000000
  414. Coypright Directory Size: 00000000
  415. Global Ptr Directory Address: 00000000
  416. Global Ptr Directory Size: 00000000
  417. Thread L. S. DirectoryAddress: 00000000
  418. Thread L. S. Directory Size: 00000000
  419. Load Config Directory Address: 00000000
  420. Load Config Directory Size: 00000000
  421. Bound Import Directory Address: 00000000
  422. Bound Import Directory Size: 00000000
  423. IAT Directory Address: 0000B3DC
  424. IAT Directory Size: 000000A8
  425. Delay Import Address: 00000000
  426. Delay Import Size: 00000000
  427. COM Descriptor Address: 00000000
  428. COM Descriptor Size: 00000000
  429.  
  430. PE32 relocation table
  431. ----------------------------------------
  432.  
  433. PE32 thread local storage table
  434. ----------------------------------------
  435.  
  436. PE32+ thread local storage table
  437. ----------------------------------------
  438.  
  439. PE32 load config table
  440. ----------------------------------------
  441.  
  442. PE32+ load config table
  443. ----------------------------------------
  444.  
  445.  
  446. PE Sections
  447. ========================================
  448. PE sections
  449. ----------------------------------------
  450. .text: 0000A484, 00001000, 0000A600, 00000400, 60000020, 99F07409, 069556B5B990003155495C1A5CAAEB8D, * Code, Execute Access, Read Access
  451. .rdata: 00001016, 0000C000, 00001200, 0000AA00, 40000040, 37CB4F89, 7A8F7FA4988FFE8028B3726676C4084E, Initialized Data, Read Access
  452. .data: 0008317C, 0000E000, 00083200, 0000BC00, C0000040, 7282F1FF, 34A9A327DE2337F8CE5F91B435543016, Initialized Data, Read Access, Write Access
  453. .rsrc: 00000C30, 00092000, 00000E00, 0008EE00, 40000040, 46EF0194, 1220B27A184FD8B44DE43104D74FE53A, Initialized Data, Read Access
  454.  
  455.  
  456. PE Imports
  457. ========================================
  458. azroles.dll (5)
  459. ----------------------------------------
  460. AzCloseHandle: 0000C168, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  461. AzGetProperty: 0000C198, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  462. AzGroupCreate: 0000C188, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  463. AzGroupDelete: 0000C178, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  464. AzFreeMemory: 0000C158, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  465.  
  466. cmpbk32.dll (3)
  467. ----------------------------------------
  468. PhoneBookEnumNumbers: 0000C1CE, ?, ?, ?, ?, ?, +, +, +, +, +, +, +, +, +, +
  469. PhoneBookLoad: 0000C1E6, ?, ?, ?, ?, ?, +, +, +, +, +, +, +, +, +, +
  470. PhoneBookEnumCountries: 0000C1B4, ?, ?, ?, ?, ?, +, +, +, +, +, +, +, +, +, +
  471.  
  472. kernel32.dll (15)
  473. ----------------------------------------
  474. SetLastError: 0000C2F2, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  475. GetFileAttributesW: 0000C2DC, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  476. LoadLibraryA: 0000C212, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  477. GetModuleFileNameA: 0000C302, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  478. GetModuleHandleW: 0000C25E, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  479. GetLogicalDriveStringsA: 0000C282, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  480. GetProcAddress: 0000C2CA, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  481. CreateMailslotW: 0000C2B8, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  482. GetCommandLineW: 0000C238, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  483. CreateFileA: 0000C2AA, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  484. MoveFileExW: 0000C29C, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  485. MapViewOfFile: 0000C202, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  486. GetTickCount: 0000C272, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  487. WaitForSingleObject: 0000C222, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  488. CreateJobObjectW: 0000C24A, -, -, -, -, -, -, -, +, +, +, +, +, +, +, +
  489.  
  490. shimeng.dll (3)
  491. ----------------------------------------
  492. SE_InstallBeforeInit: 0000C3D0, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  493. SE_DllLoaded: 0000C3E8, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  494. SE_ProcessDying: 0000C3F8, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a, n/a
  495.  
  496. user32.dll (11)
  497. ----------------------------------------
  498. LoadCursorA: 0000C384, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  499. PeekMessageA: 0000C3A6, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  500. LoadIconA: 0000C334, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  501. CharToOemW: 0000C3B6, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  502. LoadStringW: 0000C34C, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  503. GetClassLongW: 0000C366, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  504. LoadMenuW: 0000C340, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  505. IsDialogMessageA: 0000C392, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  506. LoadBitmapW: 0000C326, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  507. InsertMenuW: 0000C376, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  508. GetPropA: 0000C35A, +, +, +, +, +, +, +, +, +, +, +, +, +, +, +
  509.  
  510.  
  511. PE Exports
  512. ========================================
  513. Header
  514. ----------------------------------------
  515.  
  516. Exports
  517. ----------------------------------------
  518.  
  519.  
  520. PE Resources
  521. ========================================
  522. EFDU
  523. ----------------------------------------
  524. 1: 0000
  525.  
  526. GERT
  527. ----------------------------------------
  528. 1: 0000
  529.  
  530. RT_RCDATA
  531. ----------------------------------------
  532. 2: 0000
  533. 3: 0000
  534.  
  535.  
  536. Archive
  537. ========================================
  538. NullSoft Installer Setup
  539. ----------------------------------------
  540.  
  541.  
  542. Compatibility
  543. ========================================
  544. Windows Versions we know about
  545. ----------------------------------------
  546. Windows 95 OSR 2/2.1 (Build: 1111) B: 4.0.1111
  547. Windows NT 4.0 (Build: 1381) Service Pack 1: 4.0.1381
  548. Windows NT 4.0 (Build: 1381) Service Pack 3: 4.0.1381
  549. Windows NT 4.0 (Build: 1381) Service Pack 4: 4.0.1381
  550. Windows NT 4.0 (Build: 1381) Service Pack 6: 4.0.1381
  551. Windows 98 (Build: 2222) A: 4.10.2222
  552. Windows ME (Build: 3000): 4.90.3000
  553. Windows 2000 (Build: 2195) Service Pack 1: 5.0.2195
  554. Windows 2000 (Build: 2195) Service Pack 2: 5.0.2195
  555. Windows 2000 (Build: 2195) Service Pack 3: 5.0.2195
  556. Windows 2000 (Build: 2195) Service Pack 4: 5.0.2195
  557. Windows XP (Build: 2600) Service Pack 1: 5.1.2600
  558. Windows XP (Build: 2600) Service Pack 2: 5.1.2600
  559. Windows 2003/XPx64 (Build: 3790) Service Pack 1: 5.2.3790
  560. Windows 2003/XPx64 (Build: 3790) Service Pack 2: 5.2.3790
  561.  
  562. Groups
  563. ----------------------------------------
  564.  
  565. Unsupported on Windows 95 OSR 2/2.1 (Build: 1111) B
  566. ----------------------------------------
  567. kernel32.dll:CreateJobObjectW:
  568.  
  569. Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 1
  570. ----------------------------------------
  571. kernel32.dll:CreateJobObjectW:
  572.  
  573. Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 3
  574. ----------------------------------------
  575. kernel32.dll:CreateJobObjectW:
  576.  
  577. Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 4
  578. ----------------------------------------
  579. kernel32.dll:CreateJobObjectW:
  580.  
  581. Unsupported on Windows NT 4.0 (Build: 1381) Service Pack 6
  582. ----------------------------------------
  583. kernel32.dll:CreateJobObjectW:
  584.  
  585. Unsupported on Windows 98 (Build: 2222) A
  586. ----------------------------------------
  587. kernel32.dll:CreateJobObjectW:
  588.  
  589. Unsupported on Windows ME (Build: 3000)
  590. ----------------------------------------
  591. kernel32.dll:CreateJobObjectW:
  592.  
  593. Unsupported on Windows 2000 (Build: 2195) Service Pack 1
  594. ----------------------------------------
  595.  
  596. Unsupported on Windows 2000 (Build: 2195) Service Pack 2
  597. ----------------------------------------
  598.  
  599. Unsupported on Windows 2000 (Build: 2195) Service Pack 3
  600. ----------------------------------------
  601.  
  602. Unsupported on Windows 2000 (Build: 2195) Service Pack 4
  603. ----------------------------------------
  604.  
  605. Unsupported on Windows XP (Build: 2600) Service Pack 1
  606. ----------------------------------------
  607.  
  608. Unsupported on Windows XP (Build: 2600) Service Pack 2
  609. ----------------------------------------
  610.  
  611. Unsupported on Windows 2003/XPx64 (Build: 3790) Service Pack 1
  612. ----------------------------------------
  613.  
  614. Unsupported on Windows 2003/XPx64 (Build: 3790) Service Pack 2
  615. ----------------------------------------
  616.  
  617. Functions without information available
  618. ----------------------------------------
  619. azroles.dll:AzCloseHandle:
  620. azroles.dll:AzGetProperty:
  621. azroles.dll:AzGroupCreate:
  622. azroles.dll:AzGroupDelete:
  623. azroles.dll:AzFreeMemory:
  624. shimeng.dll:SE_InstallBeforeInit:
  625. shimeng.dll:SE_DllLoaded:
  626. shimeng.dll:SE_ProcessDying:
  627.  
  628.  
  629. Classification Sources
  630. ========================================
  631. Whitelists
  632. ----------------------------------------
  633.  
  634. Blacklists
  635. ----------------------------------------
  636. Malware Hash Registry (Team Cymru): n/a, n/a
  637.  
  638. Mixed lists
  639. ----------------------------------------
  640.  
  641.  
  642. VirusTotal
  643. ========================================
  644. Meta Information
  645. ----------------------------------------
  646. Lookup ID (md5): B75BD60DC3686FE62EB4A4A8372BE966
  647. Results: none
  648.  
  649. Results
  650. ----------------------------------------