diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc index 4d40f0c99b3..2abdbc5205c 100644 --- a/CHANGELOG-developer.next.asciidoc +++ b/CHANGELOG-developer.next.asciidoc @@ -62,6 +62,7 @@ The list below covers the major changes between 7.0.0-rc2 and master only. ==== Added +- Add VirusTotal Intelligence Live Hunt module. {issue}21541[21541] {pull}21815[21815] - Add configuration for APM instrumentation and expose the tracer trough the Beat object. {pull}17938[17938] - Make the behavior of clientWorker and netClientWorker consistent when error is returned from publisher pipeline - Metricset generator generates beta modules by default now. {pull}10657[10657] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index d1017bba347..284e603c57e 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -41,6 +41,13 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Change network.direction values to ECS recommended values (inbound, outbound). {issue}12445[12445] {pull}20695[20695] - Docker container needs to be explicitly run as user root for auditing. {pull}21202[21202] - File integrity dataset no longer includes the leading dot in `file.extension` values (e.g. it will report "png" instead of ".png") to comply with ECS. {pull}21644[21644] + +*Filebeat* + +- Introduce VirusTotal Intelligence Live Hunt module. {issue}21541[21541] {pull}21815[21815] + +*Auditbeat* + - Use ECS 1.7 ingress/egress network directions instead of inbound/outbound. {pull}22991[22991] - Use ingress/egress instead of inbound/outbound for ECS 1.7 in auditd module. {pull}23000[23000] diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index d0d78781e93..6ca9894cdb3 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -1990,6 +1990,16 @@ filebeat.modules: # can be added under this section. #input: +#------------------------------ VirusTotal Module ------------------------------ +- module: virustotal + # All logs + livehunt: + enabled: true + # Set the VirusTotal private API key + var.apikey: "" + # Set retrieval limit, maximum 40, default 10 + var.limit: 10 + #--------------------------------- Zeek Module --------------------------------- - module: zeek capture_loss: diff --git a/x-pack/filebeat/include/list.go b/x-pack/filebeat/include/list.go index ec0c0b6b70d..56d1cb0a5dd 100644 --- a/x-pack/filebeat/include/list.go +++ b/x-pack/filebeat/include/list.go @@ -56,6 +56,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/filebeat/module/squid" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/suricata" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/tomcat" + _ "github.com/elastic/beats/v7/x-pack/filebeat/module/virustotal" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zeek" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zoom" _ "github.com/elastic/beats/v7/x-pack/filebeat/module/zscaler" diff --git a/x-pack/filebeat/module/virustotal/README.md b/x-pack/filebeat/module/virustotal/README.md new file mode 100644 index 00000000000..8f9e7367809 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/README.md @@ -0,0 +1,128 @@ +# Development Workflow + +In all examples below, `filebeat.dev.yml` is a local development only configuration with VT API key, creds to Elastic Cloud instance, etc. + +My `filebeat.dev.yml` looks like this, with appropriate substitutions. + +```yml +filebeat.modules: + - module: virustotal + livehunt: + enabled: True + var.input: httpjson # httpjson or kafka + + # If consuming events from VirusTotal httpjson + var.api_key: INSERT-YOUR-VT-API-KEY + var.vt_fileinfo_url: https://www.virustotal.com/gui/file/ + var.limit: 40 # maximum 40, default is 10 + + # If consuming raw events from Kafka + var.kafka_brokers: + - 127.0.0.1:9093 + var.kafka_topics: + - virustotal.raw + +cloud.id: "INSERT-YOUR-CLOUD-ID" +cloud.auth: "INSERT-YOUR-CLOUD-AUTH" +``` + +## Setup + +Run filebeat setup to establish ILM policies, Elasticsearch mapping patterns, Kibana index patterns. This needs to happen every time you change a `fields.yml`. This configuration will overwrite existing items, except maybe Kibana index pattern. I just manually delete that before I run setup. I also delete the existing `filebeat-*` index in Elasticsearch too, to avoid mapping conflicts. See notes on `kafka` and `elastidump` below. + +```shell +./filebeat -c filebeat.dev.yml -e setup -E setup.template.overwrite=true -E setup.ilm.overwrite=true -E setup.dashboards.directory=build/kibana +``` + +## Kafka + +I added Kafka as an input type because I think some users will find this useful and it's incredibly useful to replay events from VT for development purposes. I used `docker-compose` to standup a local Kafka cluster for development purposes. + +```shell +# Download my compose file +curl -O https://gist.githubusercontent.com/dcode/a79d24624aee11ca713250cc5ba02a22/raw/e519b85bad45b3a2f757fbdc2f9808c94969cf13/docker-compose.yml + +# Bring up cluster +docker-compose up -d +``` + +Configure filebeat to use this as an input for the module in your `filebeat.dev.yml`, where `virustotal.raw` is the topic name of the unmodified LiveHunt notification file objects. + +```yaml +filebeat.modules: + - module: virustotal + livehunt: + enabled: True + var.input: kafka + var.kafka_brokers: + - 127.0.0.1:9093 + var.kafka_topics: + - virustotal.raw +``` + +## Replay Events using Kafka + +First, save off existing events from the cluster. Do this before you delete the index in the **setup** step above. + +```shell +# Install elasticdump, uses npm/node.js +npm install elasticdump -g + +# Install kafkacat and jq +brew install kafkacat jq + +# Dump the filebeat index +elasticdump --input=https://elastic:password@elasicsearch-endpoint.es.io:9243/filebeat-* \ + --output=$ \ + | gzip > data/filebeat-virustotal.json.gz + +# Replay filebeat data into kafka topic (if setup using compose file above) +gzcat data/filebeat-virustotal.json.gz | jq -cr '._source.event.original' | kafkacat -b 127.0.0.1:9093 -P -t virustotal.raw +``` + +NOTES: + +- `https://elastic:password@elasicsearch-endpoint.es.io:9243`: is the HTTPS endpoint as retreived from the Elastic Cloud panel, with the `elastic` username and password prefixed to the server. You can optionally use an HTTP auth ini file with `elasticdump`. See the `--help` output for specifics. +- Elasticdump can do a lot of things. In this scenario, I'm merely compressing it and writing it to a disk. These are the raw JSON documents as stored in Elasticsearch. +- I'm dumping only indices that match the pattern `filebeat-*`. You can make this more or less specific, as desired. +- I'm using `jq` here to output compact (single line) JSON documents as raw strings, which unquotes the field value. +- kafkacat here is connecting to the local broker `-b`, in producer mode `-P`, and writing to the topic `-t` using data from stdin. + +If you wanted to validate or otherwise manipulate the raw data, you can use `kafkacat` in consumer mode `-C`. This example shows the first 10 records. You could pipe these to `jq` to format them. + +```shell +kafkacat -b 127.0.0.1:9093 -C -t virustotal.raw | head | jq +``` + +Configure filebeat to use the kafka input as show above, and run it until all events are replayed. After which, you can switch back to `httpjson` as the input type and stream new data. + +```shell +./filebeat -c filebeat.dev.yml -e +``` +## Delete all Kibana saved objects between test runs + +```bash +#!/bin/bash + +# From the docs: https://www.elastic.co/guide/en/kibana/current/saved-objects-api-get.html#saved-objects-api-get-params +# Types can be: visualization, dashboard, search, index-pattern, config, timelion-sheet +# You can also have a map type, which isn't in the docs linked above + +function clear_kibana() { + export KIBANA_API_URL="${KIBANA_API_URL:-http://elastic:password@127.0.0.1:5601}" + export OBJECTS=$(curl -s "${KIBANA_API_URL}/api/saved_objects/_find?fields=id&type=index-pattern&type=visualization&type=dashboard&type=search&type=index-pattern&type=timelion-sheet&type=map&per_page=1000" | jq -rc '.saved_objects[] | {"type": .type, "id": .id } | @base64') + + # Loops through the base64-encoded JSON objects + for item in ${OBJECTS}; + do + TYPE=$(echo "${item}" | base64 -d | jq -r '.type') + ID=$(echo "${item}" | base64 -d | jq -r '.id') + + echo "Deleting ${TYPE} with ID ${ID}" + curl -s -H 'kbn-xsrf: true' -XDELETE "${KIBANA_API_URL}/api/saved_objects/${TYPE}/${ID}" >/dev/null + + done +} + +clear_kibana +``` diff --git a/x-pack/filebeat/module/virustotal/_meta/config.yml b/x-pack/filebeat/module/virustotal/_meta/config.yml new file mode 100644 index 00000000000..e117968e7a1 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/_meta/config.yml @@ -0,0 +1,8 @@ +- module: virustotal + # All logs + livehunt: + enabled: true + # Set the VirusTotal private API key + var.apikey: "" + # Set retrieval limit, maximum 40, default 10 + var.limit: 10 diff --git a/x-pack/filebeat/module/virustotal/_meta/fields.yml b/x-pack/filebeat/module/virustotal/_meta/fields.yml new file mode 100644 index 00000000000..3e315714645 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/_meta/fields.yml @@ -0,0 +1,7 @@ +#spellchecker: disable +- key: virustotal + title: VirusTotal + description: > + Module for handling the VirusTotal API notifications + fields: + diff --git a/x-pack/filebeat/module/virustotal/_meta/kibana/7/dashboard/livehunt-overview.json b/x-pack/filebeat/module/virustotal/_meta/kibana/7/dashboard/livehunt-overview.json new file mode 100644 index 00000000000..dbf2e8b7e3e --- /dev/null +++ b/x-pack/filebeat/module/virustotal/_meta/kibana/7/dashboard/livehunt-overview.json @@ -0,0 +1,1038 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 17, + "i": "ec36b04f-b714-401a-a4c6-3212ca615592", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "ec36b04f-b714-401a-a4c6-3212ca615592", + "panelRefName": "panel_0", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 17, + "i": "6d8c609d-7843-40ca-982f-7c3fbef0a19a", + "w": 13, + "x": 24, + "y": 0 + }, + "panelIndex": "6d8c609d-7843-40ca-982f-7c3fbef0a19a", + "panelRefName": "panel_1", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 17, + "i": "22c39a5c-5e89-49f5-aef5-070943e0aad9", + "w": 11, + "x": 37, + "y": 0 + }, + "panelIndex": "22c39a5c-5e89-49f5-aef5-070943e0aad9", + "panelRefName": "panel_2", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "37af54a7-99cb-41da-b00e-b5aebcd93e8b", + "w": 24, + "x": 0, + "y": 17 + }, + "panelIndex": "37af54a7-99cb-41da-b00e-b5aebcd93e8b", + "panelRefName": "panel_3", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 14, + "i": "46e12b30-e4dd-462f-b59f-48c88300a89e", + "w": 13, + "x": 24, + "y": 17 + }, + "panelIndex": "46e12b30-e4dd-462f-b59f-48c88300a89e", + "panelRefName": "panel_4", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 33, + "i": "4130c0b5-c2af-4ded-9406-0b7d477c202d", + "w": 11, + "x": 37, + "y": 17 + }, + "panelIndex": "4130c0b5-c2af-4ded-9406-0b7d477c202d", + "panelRefName": "panel_5", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "e83917f5-d17a-4e09-a553-c996a57b4739", + "w": 20, + "x": 0, + "y": 31 + }, + "panelIndex": "e83917f5-d17a-4e09-a553-c996a57b4739", + "panelRefName": "panel_6", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 19, + "i": "1096fbd8-383b-4d8d-9582-dac41270475f", + "w": 17, + "x": 20, + "y": 31 + }, + "panelIndex": "1096fbd8-383b-4d8d-9582-dac41270475f", + "panelRefName": "panel_7", + "version": "7.9.2" + }, + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 20.2912, + "lon": 14.61228, + "zoom": 1.32 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 17, + "i": "c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c", + "w": 31, + "x": 0, + "y": 50 + }, + "panelIndex": "c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c", + "panelRefName": "panel_8", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "70185726-7b35-4f2d-ab07-60c719705373", + "w": 46, + "x": 0, + "y": 67 + }, + "panelIndex": "70185726-7b35-4f2d-ab07-60c719705373", + "panelRefName": "panel_9", + "version": "7.9.2" + } + ], + "timeRestore": false, + "title": "[VirusTotal Filebeat] Livehunt Overview", + "version": 1 + }, + "id": "bd059c90-0e56-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "8901bc70-0fe2-11eb-9aef-8b55a4ae31c5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "2faeb100-14a1-11eb-9aef-8b55a4ae31c5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "af3d9170-14a1-11eb-9aef-8b55a4ae31c5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "502946c0-0fe2-11eb-9aef-8b55a4ae31c5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "3429d920-0caf-11eb-9aef-8b55a4ae31c5", + "name": "panel_5", + "type": "visualization" + }, + { + "id": "32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5", + "name": "panel_7", + "type": "visualization" + }, + { + "id": "506466e0-0d64-11eb-9aef-8b55a4ae31c5", + "name": "panel_8", + "type": "map" + }, + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "panel_9", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-10-22T20:34:34.239Z", + "version": "WzE4NDA3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Livehunt notifications by YARA ruleset over time [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1140m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "rule.ruleset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": true, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Livehunt notifications by YARA ruleset over time [Virustotal Filebeat]", + "type": "histogram" + } + }, + "id": "8901bc70-0fe2-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-22T20:37:55.506Z", + "version": "WzE4NDY3LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Counts by Rule Name [Virustotal Filebeat]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "rule.name", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Counts by Rule Name [Virustotal Filebeat]", + "type": "table" + } + }, + "id": "2faeb100-14a1-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-22T20:37:35.822Z", + "version": "WzE4NDU5LDFd" + }, + { + "attributes": { + "description": "Displays rule.tags by prevalence. In Virustotal, these tags come from YARA rule tags.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Rule Tags Cloud [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "rule.tags", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 50 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "Rule Tags Cloud [Virustotal Filebeat]", + "type": "tagcloud" + } + }, + "id": "af3d9170-14a1-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-22T20:39:55.669Z", + "version": "WzE4NDk2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Virustotal Type Tags over Time [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-1140m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "virustotal.type_tag", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": true, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Virustotal Type Tags over Time [Virustotal Filebeat]", + "type": "histogram" + } + }, + "id": "502946c0-0fe2-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-22T20:38:50.066Z", + "version": "WzE4NDkxLDFd" + }, + { + "attributes": { + "description": "Displays file.mime_type values in a stacked bar chart over time.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "MIME-Types over Time [Virustotal FIlebeat]", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MIME Type", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "MIME-Types over Time [Virustotal FIlebeat]", + "type": "table" + } + }, + "id": "a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-22T20:40:51.936Z", + "version": "WzE4NTAxLDFd" + }, + { + "attributes": { + "description": "Displays engine names and result categories (e.g. malicious, undetected, etc) for all Virustotal File events.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Virustotal Detection Counts By Engine [VirusTotal Filebeat] ", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "spec": "{\n $schema: https://vega.github.io/schema/vega-lite/v4.json\n title: Event counts from all indexes\n // Define the data source\n data: {\n url: {\n // Apply dashboard context filters when set\n %context%: true\n // Filter the time picker (upper right corner) with this field\n %timefield%: @timestamp\n\n // Which index to search\n index: filebeat-8.0.0\n body: {\n size: 0\n aggs: {\n \"results\": {\n \"nested\": {\n \"path\": \"virustotal.analysis.results\"\n },\n \"aggs\": {\n \"table\": {\n \"composite\": {\n \"size\": 1000,\n \"sources\": [\n {\"engine_name\": {\"terms\": {\"field\": \"virustotal.analysis.results.engine_name\"}}},\n {\"category\": {\"terms\": {\"field\": \"virustotal.analysis.results.category\"}}}\n ]\n }\n }\n }\n }\n }\n }\n }\n name: kibana\n\n // From the result, take just the data we are interested in\n format: {\n property: aggregations.results.table.buckets\n }\n // Convert key.stk1 -\u003e stk1 for simpler access below\n transform: [\n {\n type: formula\n expr: datum.key.engine_name\n as: engine_name\n }\n {\n type: formula\n expr: datum.key.category\n as: category\n }\n {\n type: formula\n expr: datum.doc_count\n as: count\n }\n ]\n }\n\n // \"mark\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\n mark: text\n\n // \"encoding\" tells the \"mark\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\n encoding: {\n x: {\n // The \"key\" value is the timestamp in milliseconds. Use it for X axis.\n field: key.category\n type: ordinal\n axis: {\n title: Category\n } // Customize X axis format\n }\n y: {\n // The \"doc_count\" is the count per bucket. Use it for Y axis.\n field: key.engine_name\n type: ordinal\n axis: {\n title: Engine Name\n }\n }\n }\n layer: [\n {\n \"mark\": \"rect\",\n \"encoding\": {\n \"color\": {\n \"field\": \"doc_count\",\n \"type\": \"quantitative\",\n \"title\": \"Count of Records\",\n \"legend\": {\"direction\": \"horizontal\", \"gradientLength\": 120}\n }\n }\n },\n {\n mark: text\n encoding: {\n text: {\n field: doc_count\n type: quantitative\n }\n \"color\": {\n \"condition\": {\"test\": \"datum['doc_count'] \u003c 40\", \"value\": \"black\"},\n \"value\": \"white\"\n }\n }\n }\n ]\n config: {\n axis: {\n grid: true\n tickBand: extent\n }\n }\n}" + }, + "title": "Virustotal Detection Counts By Engine [VirusTotal Filebeat] ", + "type": "vega" + } + }, + "id": "3429d920-0caf-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-10-22T20:42:12.097Z", + "version": "WzE4NTA2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Analysis Results Wordcloud [Virustotal Filebeat] ", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "spec": "{\n $schema: \"https://vega.github.io/schema/vega/v5.json\"\n data: [\n {\n name: engines\n url: {\n %context%: true\n %timefield%: @timestamp\n index: \"filebeat-*\"\n body: {\n aggs: {\n engines: {\n nested: {\n path: \"virustotal.analysis.results\"\n },\n aggs: {\n values: {\n terms: {\n size: 100\n field: \"virustotal.analysis.results.result\" \n }\n }\n }\n }\n }\n size: 0\n }\n }\n format: { property: \"aggregations.engines.values.buckets\" }\n transform: [\n {\n \"type\": \"formula\", \"as\": \"angle\",\n \"expr\": \"0\"\n },\n {\n \"type\": \"formula\", \"as\": \"weight\",\n \"expr\": \"datum.doc_count\"\n }\n ]\n }\n ]\n \n \"signals\": [\n {\n \"name\": \"wordclick\",\n \"value\": \"\",\n \"on\": [\n {\n \"events\": \"text:click\",\n \"update\": '''\n kibanaAddFilter({\"nested\": {\"path\": \"virustotal.analysis.results\", \"query\": {\"bool\": {\"must\": [{ \"match\": { \"virustotal.analysis.results.result\": event.item.text } }]}}}})\n '''\n }\n ]\n }\n ]\n\n scales: [\n {\n name: \"color\"\n type: \"ordinal\"\n domain: { data: \"engines\", field: \"key\" }\n range: {\"scheme\": \"elastic\"}\n }\n ]\n\n marks: [\n {\n name: cloud\n type: text\n from: {data: \"engines\"}\n encode: {\n enter: {\n text: {field: \"key\"}\n align: {value: \"center\"}\n baseline: {value: \"alphabetic\"}\n fill: {scale: \"color\", field: \"key\"}\n },\n update: {\n fillOpacity: {value: 1}\n },\n hover: {\n fillOpacity: {value: 0.5}\n }\n\n }\n transform: [\n {\n type: wordcloud\n text: {field: \"datum.key\"}\n size: [{signal: \"width\"}, {signal: \"height\"}],\n rotate: {field: \"datum.angle\"}\n font: \"Helvetica Neue, Arial\"\n fontSize: {field: \"datum.doc_count\"}\n fontWeight: {field: \"datum.weight\"}\n fontSizeRange: [8, 72]\n padding: 4\n }\n ]\n }\n\n ]\n}" + }, + "title": "Analysis Results Wordcloud [Virustotal Filebeat] ", + "type": "vega" + } + }, + "id": "32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-10-16T21:39:56.735Z", + "version": "WzE3Mjk4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "File Capabilities Word Cloud [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "virustotal.capabilities", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "segment", + "type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "File Capabilities Word Cloud [Virustotal Filebeat]", + "type": "tagcloud" + } + }, + "id": "1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-10-16T19:06:05.296Z", + "version": "WzE2OTY2LDFd" + }, + { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":\"road_map_desaturated\",\"isAutoSelect\":false},\"id\":\"6a988e7a-8078-4986-a10d-11f388582582\",\"label\":\"Base Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"EMS_FILE\",\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"]},\"id\":\"45ea51fa-2c06-4a28-91df-7c393a9186e9\",\"label\":\"Submission Country\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.49,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"__kbnjoin__count__b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"origin\":\"join\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"VECTOR\",\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"id\":\"b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"indexPatternTitle\":\"filebeat-*\",\"term\":\"virustotal.submission.source.geo.country_iso_code\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\"}}]}]", + "mapStateJSON": "{\"zoom\":1.77,\"center\":{\"lon\":0,\"lat\":0},\"timeFilters\":{\"from\":\"now-14d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"filebeat-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"virustotal.id\",\"value\":\"exists\"},\"exists\":{\"field\":\"virustotal.id\"},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.88,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "[Virustotal] Submission Country", + "uiStateJSON": { + "isLayerTOCOpen": false, + "openTOCDetails": [] + } + }, + "id": "506466e0-0d64-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "map": "7.9.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_join_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-10-14T19:16:25.908Z", + "version": "WzE2NTEzLDFd" + }, + { + "attributes": { + "columns": [ + "file.hash.sha1", + "file.name", + "file.size", + "file.mime_type", + "rule.ruleset", + "rule.name", + "rule.tags", + "virustotal.capabilities", + "virustotal.type_description" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "virustotal.id" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "virustotal.id", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "Virustotal LiveHunt Files", + "version": 1 + }, + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "search": "7.4.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-10-16T18:53:42.155Z", + "version": "WzE2ODkwLDFd" + } + ], + "version": "7.9.2" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/virustotal/fields.go b/x-pack/filebeat/module/virustotal/fields.go new file mode 100644 index 00000000000..97521467b1e --- /dev/null +++ b/x-pack/filebeat/module/virustotal/fields.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package virustotal + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("filebeat", "virustotal", asset.ModuleFieldsPri, AssetVirustotal); err != nil { + panic(err) + } +} + +// AssetVirustotal returns asset data. +// This is the base64 encoded gzipped contents of module/virustotal. +func AssetVirustotal() string { + return "eJzsXd1z3DaSf/df0WU/JKlSdLdbtS9+uCrFci6qldcuy8ntPbEwZM8QJxBgAFDS+K+/wgc/hgN+gZSSrfU8JPaM2fh1o9HobnSDb1SJjKU5pvco30JGFdkxfPUj3OPxLTxQWSktNGGvADTVDN/Cb+a7L/67DFUqaamp4G/hv14BAHwQWcUQ9kJCTnjGKD+AzrHzHFx9ugEuNN3TlJhH1SuAPUWWqbevLA3zeQNhaPXvPwInBfYw1p8Arvrzsx0I9lIUfVxMHNTlCZU9qZhOLLa3sCdMYedniQyJwrewQ0063+tjiW/hIEVVdr6tGexiqXkgnLCjourkx1EuzOfKPwWU74UsrCiB7ESlLWOKFCXDyzOaozyN8TXM2xB/XR4zovsDzeDRfK6JRiA8A02Lmi14JMqJ7StmsDt2prHPcQt7EMKkSFo2JKqK6f5MtWNwVBqzwM9D8ukSL1DnIvTwTEmZzwdLAyrVl4tdkrWmhYTUMnGPx0chw0BqrCnReBDyuA7tO08FxH5EaZejc9O0DttnS6NG1hHkdkJEfqAcE/OXdVj/QQqskTqiTgO2nXMP9wGlooKvQ/ybI/JioKtyYPkvwHxLlAZHaB3uIJQasNIkaGBm2alZvNxVRUHaRedtmjNRgQfGNgQY3RRgpuHbE8oqOTQ7jj7lGg8oV66TqtihNIxf/ebnToHOibYQ4DFHXk+h9VvMD5SFgdXgK56hxjRs9p8Nv8RSSK1AkWMDlaopMI31FnxPZYHZj2ZTFdWQqXwR0UskaQ4EPJTOLHydPws5kQVDFVo4z8bIwByMQmn2esJoSkX1ZwA8jqWxS5Uq/zSQJ8DUmP8A7fZDqnM1pgp+/Xz7H5OqbGD9WHFVlYb1lzUr/bWZCf6dBg/FfWXGNf/0jI8mnNFa0l2lsT83DvGeEa2Rn/E1ts3M2PsmWPVxn0RdSX7mG1vGiEQTl8IRNRSkLDEz0hVAzJbMMyIzUGmOBQlynYqiqDjVfY94eHd8Xobf1XhMWEEyoslkcDgVw9kwO3kQ5zM7zugUszMZnsH0KeMW6STXY5zDH7LDOJ3kblE2emXWXI3BsRZ2Mv+AHWYYcANiCHEbsZWVtjmMSJ82FRIhJSytGNHGG5eiAMKY14JSmMDcLPteNDe0bqFjsAQ530Ia4FXQnM+A/L9Xn6+gIDrNUdngwSAb2B02yC6sjzId1syyPEZufnDWGXhDaNNUHUKNT2HXoF1COs0TyhNV7Qa37dkYH3PUObpptpRtFotys8E4+iCk2YFGQe+EYEjCjHV1UqFO6MpkUrtMvlM1Ubi5Xp+ecaS2m/IOvE30UuIeJfJ05YzXmJSo5CCtcVQ1opKk9ygjEo8zoN5SZfNcbgxwESQVHLQQTLnca45U+kxB7AZqqG2Z6xKCucSLFh5zzYH5dn3maDuoNEOu6Z5i5hF+r35Yjq/B1Tk72dxtPFnyqeDGRp6MCJoczvbxP9uZwRfqBM/oA0Je8VMWFh4RNAEwp2UZtFozEE3L1ZMPenUj+1Wzushh2DqMqZOqdgVVgYzuBFcf+mGFDcsHaMUpyAx1ntIhZ3ovDyguU1FxLY8JVSJJRRapWjd3H8FTAkPFqJkbxP5pSAAw29J7xPcY8khnAPyV098rbG2O3BzhnkqlE0tIR2869ljP5khqt9e6Q5Y2KERuPKOT0+Yw2NEly8h6oB+E0iAxRa7tYKd4fVyhxWqs7cQkVr/i0J4molQn7oWcKNgZwTYCmQl7KEZsM+BG4xKnY+Gji7la62m4hExOHrALtmUlHnezt4hHzgTJTooKZqH9Yg2dw0EVGAIGzw4bmnX0OXwoPebKTxq9E+UuRGYdi2U8nC4+sfs/4zxRrZDtrVYb0lCTDoMP6PJs5IRnUhwqcmZj1vsvd7l4DJVEXJkhaQZXn/5+Adfv/2m92qt/fri1S1ldAD5pSVKjZ49U51YuVw1M62y+iM9DUk0fqKax6+id4JpQ7hY+KcvvVE3yaEdY5iN0kQ0f+86AZUX531aUno510qPBEDedCSlLFnaFZwLzhJxBt6ltymvDAU6Jou1iAGSCUopQtm0G1P9p8weyroABSw9KKVJUqi626gw4nFIYTyeM8WBW1wo16EtbojPDVtzw/WtS3r++gNcZPpn/kaeCvf5htaJ4rVvh+NXYa/01lC4s+LaarCCc7lENi3sp3IEYNAKuobQ5XEZ3kshoY3VrH/eGycXylNcaHA2qIJQntdGL9PkI5ad2c3PRFZTToioSld2PVNTMweoIQXNeCCq7H7HW8/NN5BCpe5/cw88juFKKB5qFc2FzsNWPNzVya/XNxAb0IRrQ5/rx7QBRdZ9Qnhl7HbvZtH7EozADqrdgDTN8r7SsUl1J/MH6UK9LlMVr+N78z4Uv6geLABoEwz7H0FlwJypC+UCjo4o7//RmolVaUn5QScfBXClf40RIVNrs3Z467EXFNzGFmsgD6vU2pr+ZeFxtSKlt+tns4PH+pU7q3S/ewbgx0uSENUh9jVvPlW/rY7+M6ObYsV+K0ufuYvfnsuwSgQw1oUxdwrsc03u4u7uFd52ffYymBdxz8QiFkOgjG6oVNGtyxUozishN6MV0tC0LRB+OLAyTnYuvNTCJl1Vk4sk93KkLcEAl/l5RiVlnIHUJf8ejspUh7bfeXTHG74GwCt3vGbVnJtYbsgleQnntj+8FY+LR/M2Ffwul0NZcl2RHWSg6nOC7PuGRWEpUyDXR9AFtztjEscTngurM1nfqZKxwAmAsp7w7asxRitBKHrMGE2zcdMJ67wbYVfzTUeMvKAXkWEmqNE07h1iunml28N7UDT/RfSDqX5+heO8JL+rbeKZkg1JY7Nhx3ebQMFSTW+18pjmxuRiZhE+Jl4BqaEGY1kxEIsNE0a+Rxr5FIzKEATpzkRQl4ccVkWEHjCU1dNA5Dw/aM5VS0NiMdQPHUoIhSnOPJhgm4/UfSyDZPMU4uQW49owcVFIQdb8FLEsNBqgtQCUi99FTNEEqC1BssLYsjlVryyGpduZfbwJmkNQCPFuB2QZJgk8a+QabRZsCHKO4AN02e5iFtXb/6uJJXFnkhrBgkOI8dLQgh63EZWmtlpdDZKXWbNfWjVtrmupmGOiRNb4wPmFa6cD53wLcnGpKGP2KWZIRTbawYh2aYMsrVlk06uPhLdyFmtY6f4ERfqjMdMdn4htENS0YoDUTER4IS1JRHiU95Gu9GEsNxqgtQaUlybAg8l79ZRNcDb0QuThgf90WWIjc3MMIfo9yI8PmiK22bAUtNtnBDZ11O3hB0pzybcA4UuvwCLXRTAm1epZcci3Zyt3yubr1XpeQ9ECN9bbINjDhNUGHbZUdLzcRVblSQqUUWZXqLWTjSa2UisezjWrXkFYf5p2i2sYl7YFb65WqaqeOSmOxEtYYnYVINprFht7qebQlfZoUoQOhJYjG6MxDUvHn8H1PqG7g/aYSicYkvo68TZVZSkMV6QvQxJ7HniJZcczmn08Cue1IKKHiuPl4MpFWBfKBZqVFwZ6nBEFKs31IJNKo33r/cZjQTI9NZHR/3EJ7HaV12ltm+612tWy/QXmKjSCjy6RbMC58DBNasrtutJ+u2EGfitKu6nu6VihPRQnDlGbambJKiExzqnHoZHqRrSkrmCA3H9fuqDERMls9ZwaVIQZDxOZj2kKZDZx1umyQbODWGyCr/HqDY5tEvIGyNg9fx4cs3GMVExsOkJo+Ws+Jyi8fzH9f9VFs2vtXSlFKiprII+yrr1+PdmTKD73Hpk+mx7g526qXQOy0ONXt8+HT82kcBTnQdBmUKzhUqFRdYdRE+xewIwozEBwIlKKsGJFQEumqs20yX4rC+LpPi2EqeihIMnBf5HghzeR1Ib5yhzcNRHWDtR3U9TK7KgPYHV3VET6gpPp4YcSOQFQPXxK+ymxXaVAlo9rQCbWCh7kNUhvrHZzHr5m7UZ4vHHlXadJle+n1KamkmqYr+qxyeugv+vkPF5jRajgonnqcicdFz460pcbVKrW3CgFJUyEzt5yG+8CmV5OWAfOz1oh+kTfXti8MKk0Z1UfzAD1wV2HlTdaxNRftXbRUwo5yY2/NvyfGy1GXcKOhIEc4GBlYzSOsLW5SF2fjW0/EKavRFzThmZk9tF0iO1fUdawvcPItLo0pDTdIP0/10ex0603bPr8+p9oRQtxW/qkjRXvlI5RCUaujp1IMPO2kbWsZUxxx085rT7uXg40UuEz1/dmfd74vdEiYM1aOQaFJ3xeYWhqu3NAv66Y4ch2KoeqByfvAWKfywPWbpqIoBGfHFuNaOflOaUSeUJ7oHJNHenbH5pxeTYuve5mvbZMWO4XywbbGUuXrcJx/6Wu03ZEt6guD1ew97GgMw6+fb2ex8uqcH4aX1gNVKkPsrvgJyznC5M+Nd3niS1XWYXLjdA3S+L3bfRbOkWt24jo/E24zSjzqN2/ewPvbnx3BRkuV+T7MGbL9JjyZQfHBan6vhdmW1jNGD8hThFtj7n6puK5vj+3yKh5QPkqq7RZb4Rm3/c1iSDZjd6bb3KOtBY/oQ55cc51m4By5MfCK2g7FuovJV0nXV+tdwo1rdkF/7yPV8EhCri9lGoS9JK2kDDO7v6eEA2HK9pDvyb3bvAvCHonEOsk6UIR9xn3jKyI5z0isF8wvluxJ6bLX/VpdX8Z3SBkJ3sQ3Y//2LFgKU+BhfhqbDFxrOOciDAK2DqmLxs1fPB5/Rh8H6YM/4O8m3LYEJ1RCdjQO2z/ev7+GLx/h6jp0D9nMc7TotJJXHu3vQN1Gd1al1XsXqW8xPWRHR1L94zRiMV91WtZ/clGQ7eXakxTh+6ufbgIXZp2UoA/Vjdcut+utG+SHieCP81WiBTGtGL284rPK+vV/Pv3ltQ1UmuKPGlhvT2nuF7PZkKSU4iBJkThtWhjEt9fQmME+OVJeVANb2dkM9PAoF/JugefOtwbF4VE5kZglQ73vM9MbjkrbQd9pUaXKonTasTjmwCd7Y3bwueAtgVN7bXxtTX3/nYOEGahjsYs4K57luWxh3r94u/4CgNva59B0rffUaj1z9DEDZGhPx9vuRZt+Wuyu/UE61PDxr6JDLwC4bZJ32cDNlag2lAF/36cq2yr6SO//hdXJ+xY1Y4ZQvKNU5kdFU8ISsd9Hdyr2EDlSIDhkVN1vgC2+LquHzBACyu2B9/DZ5YAjVbth4YcbT5hKXRGWkCyT4avWl8P2NMHTDN5eu8JH7EPfTNw17hOxj6GPmJcmhxR/st1DbSnFa2282e3hMITiYSg82Jq0Te2MsZydiwH8GPEgTcQhyshTjB6+AomqpHMQxB7ucsK57Z23QwxjnLgkI6eR3SHj8N7lFNTvlXWgM6rcweDoxb7DByouJ4xsHyypGAVaP+VywCbEGoisZh0VDJ7br371SU15m+wuPFtSr151jAavh5pTZtOETTUxMMTG9KIv9eYPb968gU/v56fgy+lE91hCO+a1OMOiHk7BD+HoYslwV4WzIVu9pOXajNB1Ky+A7sGfui2YrT5yiWO30M5CPzXUvHuInJP86X1t8VUL7QKUKNAy3977UQSV4tspx8QphzHepNI5ck2XG/CrzpN1XOOX/HID7plNhporJguS7ONtb8YsQIOSsZcg0lTwy4BYoqumfiEqR9c9XewwyzADnyYEM9ZSMxOANgOE+VzTvX9Dh8XkCzEO9AH5kMBgRsQ9/paqRrbZ36Ki+elzl+u/NefJkjxamQ6dLE3fYOQV8ixVOgZ0qvzyNHFfj1D3goXzyZKmeVKiT9wO62MUos80zT+990cecLqQw3CGL6yZuripvZ9mYm2OxpMT2eWRPt0JfB86bbmrrZlxIBgJv8wumLKZqv35eP1xoXmIjx7e5fSvoZzVpGUYD2dWBVzv3cPPAMs8Gx83/+yfng1m8uQ5aB1nIPnoVO7ECm6CaE127qNPxzkoflVETeJoAiY+a3RHv86Zu8gk0USG+UXtwbek77ek77ekbw/9t6Tvt6RvLL5/36RvuEZi5ol6UxzwL36i/q0qY3lVxreSiwC8P42CPDPgV33EvXc/x5fd35WY0r2/mJDwY93ZIUFIIAejQ67/0vaBHJCjJBqBMJSnhzPLzx0G3xU8Ifebk16nTgulCUQM0eU5h+W9gl/I4YBZ6A33cQgmXvg8gSb2Bc8OV/0mpv8PAAD//63RLQA=" +} diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/docs.asciidoc b/x-pack/filebeat/module/virustotal/livehunt/_meta/docs.asciidoc new file mode 100644 index 00000000000..60213a16852 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/_meta/docs.asciidoc @@ -0,0 +1,128 @@ +[role="xpack"] + +:modulename: virustotal +:has-dashboards: true + +== VirusTotal LiveHunt Module + +VirusTotal was founded as a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. In addition to the free services, VirusTotal offers several premium services. One of those premium services is LiveHunting. + +LiveHunt leverages customer provided YARA rules uploaded and applied to all files sent to VirusTotal from all around the world, live. Whenever there is a rule match you get an immediate notification. Notifications can be viewed via the web interface, email alerts or retrieved through a REST API. + +This module uses Filebeat's https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html[HTTP JSON input plugin] to query the notification queue and write the results, and companion metadata, to Elasticsearch. Additionally, this module leverages ECS fieldsets. + +include::../include/gs-link.asciidoc[] + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: livehunt + +include::../include/config-option-intro.asciidoc[] + +[float] +=== Compatibility + +This module has been tested against `v3.0` of the https://developers.virustotal.com/v3.0/reference#hunting-notification-object[VirusTotal LiveHunt API Endpoint]. + +include::../include/configuring-intro.asciidoc[] + +:fileset_ex: {livehunt} + +include::../include/config-option-intro.asciidoc[] + +[float] +==== `livehunt` fileset settings + +[source,yaml] +---- +- module: virustotal + livehunt: + enabled: true + # Set the VirusTotal private API key + var.apikey: "" + # Set retrieval limit, maximum 40, default 10 + var.limit: 10 +---- + +[float] +==== `VirusTotal` fields + +[source,yaml] +---- +- top-level field: virustotal + description: Main fieldset for all VirusTotal events + + - field: analysis + description: Information about the sample analysis. + + - field: attributes + description: File-level attributes about the sample. + + - field: bytehero_info + description: ByteHero heuristic detection engine information. + + - field: capabilities + description: Capabilities of the sample. + + - field: community + description: Community information and votes about the sample. + + - field: downloadable + description: The sample is or is not downloadable from VirusTotal. + + - field: exiftool + description: Exif metadata provided about the sample. + + - field: hash + description: Hashing algorithm provided by VirusTotal to identify similar samples. + + - field: id + description: VirusTotal identification number for the sample. + + - field: last_modified + description: UTC date when the sample itself was last modified. + + - field: magic + description: Magic number of the sample. + + - field: notification + description: UTC date when the LiveHunt notification was generated. + + - field: packers + description: Type of packers used by the sample. + + - field: sigma_analysis + description: Analysis of sandbox generated sysmon logs. + + - field: submission + description: UTC date when the sample itself was submitted to VirusTotal. + + - field: tags + description: VirusTotal applied tags about the sample. + + - field: trid + description: TrID is an utility designed to identify file types from their binary signatures + + - field: type_description + description: File architecture description about the sample. + + - field: type_tag + description: File architecture tag about the sample. +---- + +include::../include/var-paths.asciidoc[] + +[float] +=== Example dashboard + +This module comes with several visualizations and a dashboard. + +[role="screenshot"] +image::./images/kibana-virustotal-dashboard-1.png[] +image::./images/kibana-virustotal-dashboard-2.png[] + +:has-dashboards!: + +:fileset_ex!: + +:modulename!: diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/fields.yml b/x-pack/filebeat/module/virustotal/livehunt/_meta/fields.yml new file mode 100644 index 00000000000..6beaaee7610 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/_meta/fields.yml @@ -0,0 +1,975 @@ +# spellchecker: disable +- name: virustotal + description: > + Fields from the VirusTotal logs. + default_field: false + release: beta + type: group + fields: + - name: analysis + description: > + Analysis information about the sample. + default_field: false + release: beta + type: group + fields: + - name: date + description: > + Date and time sample was analyzed by VirusTotal. + type: date + default_field: false + - name: results + type: nested + fields: + - name: method + description: > + Method used by VirusTotal for analysis. + type: keyword + - name: category + description: > + Category of the sample. + type: keyword + - name: result + description: > + Result of the VirusTotal analysis. + type: keyword + - name: engine_name + description: > + Name of the engine used for analysis. + type: keyword + - name: engine_version + description: > + Version of the engine used for analysis. + type: keyword + - name: engine_update + description: > + Last update of the engine used for analysis. + type: date + - name: stats + default_field: false + description: > + Summary of the results field + release: beta + type: group + fields: + - name: failure + type: integer + description: > + Number of AV engines that fail when analysing that file + - name: undetected + type: integer + description: > + Number of reports saying that is undetected + - name: confirmed-timeout + type: integer + description: > + Number of AV engines that reach a timeout when analyzing that file + - name: harmless + type: integer + description: > + Number of reports saying that is harmless + - name: malicious + type: integer + description: > + Number of reports saying that is malicious + - name: suspicious + type: integer + description: > + Number of reports saying that is suspicious + - name: timeout + type: integer + description: > + Number of timeouts when analyzing this URL/file + - name: type-unsupported + type: integer + description: > + Number of AV engines that don't support that type of file + - name: attributes + type: flattened + release: beta + default_field: false + description: > + Fields returned by VirusTotal that are not yet mapped into a standard schema + - name: community + type: group + release: beta + default_field: false + description: > + Community metadata about the sample. + fields: + - name: total_votes + type: group + release: beta + default_field: false + description: > + Community votes about the sample. + fields: + - name: harmless + type: integer + description: > + Total number community of harmless votes. + - name: malicious + type: integer + description: > + Total number community of malicious votes. + - name: reputation + description: > + Score calculated from all votes posted by the VirusTotal community + type: float + - name: rule + description: > + YARA matches for the file + type: nested + fields: + - name: name + description: > + matched rule name + type: keyword + - name: description + description: > + matched rule description + type: text + - name: match_in_subfile + description: > + whether the match was in a subfile or not + type: boolean + - name: ruleset_id + description: > + VirusTotal's ruleset ID + type: keyword + - name: ruleset + description: > + matched rule's ruleset name + type: keyword + - name: reference + description: > + ruleset source + type: keyword + - name: packers + type: nested + description: > + List of packer detection tools and their result. + fields: + - name: tool_name + description: > + Name of tool used to detect packer used. + type: keyword + - name: name + description: > + Name of identified packer(s). + type: keyword + - name: notification + default_field: false + description: > + VirusTotal's context notification tags. + release: beta + type: group + fields: + - name: date + description: > + Time of live hunt notification. + type: date + - name: snippet + description: > + VirusTotal's context notification snippets. + type: text + - name: tags + type: keyword + - name: submission + description: > + Metadata about this submission + release: beta + type: group + default_field: false + fields: + - name: source.geo.country_iso_code + description: > + ISO country code of source of submission + type: keyword + - name: source.key + description: > + Unique identifier of source of submission + type: keyword + - name: first_submitted + description: > + Date when the file was first seen in VirusTotal + type: date + - name: last_submitted + description: > + Most recent date the file was posted to VirusTotal + type: date + - name: submission_count + description: > + Number of times the sample has been submitted to VirusTotal + type: integer + - name: unique_sources + description: > + Unique sources that have submitted the sample to VirusTotal + type: integer + - name: downloadable + description: > + This sample is able to be downloaded from VirusTotal. + type: boolean + default_field: false + - name: last_modified + description: > + Date when the object itself was last modified. + type: date + default_field: false + - name: androguard + default_field: false + description: > + Shows information about Android APK, DEX and AXML files, extracted with the Androguard tool + release: beta + type: group + fields: + - name: activities + description: > + Contains the app's activity names + type: keyword + - name: version + description: > + AndroGuard version used + type: keyword + - name: android_application + description: > + android file type in integer format + type: integer + - name: android_application_error + description: > + Whether there was an error processing the application or not + type: boolean + - name: android_application_info + description: > + Android file type in readable form ("apk", "dex", "axml") + type: keyword + - name: android_version_code + description: > + Android version code, read from the manifest + type: keyword + - name: android_version_name + description: > + Android version name, read from the manifest + type: keyword + - name: libraries + description: > + Library names used in the app + type: keyword + - name: main_activity + description: > + Main activity name, read from the manifest + type: keyword + - name: minimum_sdk_version + description: > + Minimum supported sdk version + type: keyword + - name: package + description: > + Package name, read from the manifest + type: keyword + - name: providers + description: > + Providers used by the app + type: keyword + - name: receivers + description: > + Receivers used by the app + type: keyword + - name: risk_indicator + description: > + Contains two keys: "apk" (structure) and "perm" (permissions) risk indicators + type: flattened + - name: services + description: > + Services used by the app + type: keyword + - name: strings_information + description: > + Contains interesting strings found in the app + type: keyword + - name: target_sdk_version + description: > + Android version the app has been tested for + type: keyword + - name: vt_android_info + description: > + Internal version of the Androguard tool used by VT + type: float + - name: certificate + description: > + App certificate details. Check SSL Certificate object to know more about its structure + type: flattened + - name: intent_filters + description: > + Contains the app's intent filters + type: flattened + - name: permission_details + description: > + Details about the app's required permissions. Keys are permission names and values are dictionaries containing the following fields + type: flattened + - name: capabilities + description: > + List of representative tags related to the file's capabilities. + type: keyword + - name: bytehero_info + type: keyword + description: > + Information provided by ByteHero heuristic detection engine + release: beta + - name: exiftool + default_field: false + description: > + Exiftool information about the sample. + release: beta + type: group + fields: + - name: assembly_version + description: > + Exiftool assembly version + type: keyword + - name: character_set + description: > + Exiftool character set + type: keyword + - name: code_size + description: > + Exiftool code size + type: keyword + - name: company_name + description: > + Exiftool company name + type: keyword + - name: entry_point + description: > + Exiftool entry point + type: keyword + - name: file_description + description: > + Exiftool file description + type: keyword + - name: file_flags_mask + description: > + Exiftool file flags mask + type: keyword + - name: file_os + description: > + Exiftool file os + type: keyword + - name: file_size + description: > + Exiftool file size + type: keyword + - name: file_subtype + description: > + Exiftool file subtype + type: keyword + - name: file_type + description: > + Exiftool file type + type: keyword + - name: file_type_extension + description: > + Exiftool file type extension + type: keyword + - name: file_version + description: > + Exiftool file version + type: keyword + - name: file_version_number + description: > + Exiftool file version number + type: keyword + - name: image_version + description: > + Exiftool image version + type: keyword + - name: image_file_characteristics + description: > + Exiftool detected characteristics of executable + type: keyword + - name: initialized_data_size + description: > + Exiftool initialized data size + type: keyword + - name: internal_name + description: > + Exiftool internal name + type: keyword + - name: language_code + description: > + Exiftool language code + type: keyword + - name: legal_copyright + description: > + Exiftool legal copyright + type: keyword + - name: legal_trademarks1 + description: > + Exiftool legal trademark1 + type: keyword + - name: legal_trademarks2 + description: > + Exiftool legal trademark2 + type: keyword + - name: linker_version + description: > + Exiftool linker version + type: keyword + - name: mime_type + description: > + Exiftool mime type + type: keyword + - name: machine_type + description: > + Exiftool machine type + type: keyword + - name: os_version + description: > + Exiftool os version + type: keyword + - name: object_file_type + description: > + Exiftool object file type + type: keyword + - name: original_file_name + description: > + Exiftool original file name + type: keyword + - name: pe_type + description: > + Exiftool pe type + type: keyword + - name: product_name + description: > + Exiftool product name + type: keyword + - name: product_version + description: > + Exiftool product version + type: keyword + - name: product_version_number + description: > + Exiftool product version number + type: keyword + - name: subsystem + description: > + Exiftool subsystem + type: keyword + - name: subsystem_version + description: > + Exiftool subsystem version + type: keyword + - name: timestamp + description: > + Exiftool timestamp + type: keyword + - name: uninitialized_data_size + description: > + Exiftool uninitialized data size + type: keyword + - name: create_date + description: > + Exiftool create date + type: keyword + - name: creator + description: > + Exiftool creator + type: keyword + - name: creator_tool + description: > + Exiftool creator tool + type: keyword + - name: document_id + description: > + Exiftool document id + type: keyword + - name: linearized + description: > + Exiftool linearized + type: keyword + - name: modify_date + description: > + Exiftool modify date + type: keyword + - name: pdf_version + description: > + Exiftool pdf version + type: keyword + - name: page_count + description: > + Exiftool page count + type: keyword + - name: producer + description: > + Exiftool producer + type: keyword + - name: xmp_toolkit + description: > + Exiftool xmp toolkit + type: keyword + - name: cpu_architecture + description: > + Exiftool cpu architecture + type: keyword + - name: cpu_byte_order + description: > + Exiftool cpu byte order + type: keyword + - name: cpu_count + description: > + Exiftool cpu count + type: keyword + - name: cpu_type + description: > + Exiftool cpu type + type: keyword + - name: cpu_subtype + description: > + Exiftool cpu subtype + type: keyword + - name: object_flags + description: > + Exiftool object flags + type: keyword + - name: hash.vhash + default_field: false + description: > + VirusTotal's proprietary fuzzy hashing + release: beta + type: keyword + - name: id + description: > + VirusTotal's identifier for the sample. + type: keyword + - name: magic + description: > + A guess of the file type, based on a popular parsing tool from unix + type: keyword + - name: sigma_analysis + type: flattened + description: > + Contains number of matched sigma rules group by its severity, same as sigma_analysis_stats + but split by ruleset + - name: sigma_analysis_stats + type: group + description: > + Contains the number of matched sigma rules, grouped by its severity. + fields: + - name: critical + type: integer + - name: high + type: integer + - name: medium + type: integer + - name: low + type: integer + - name: tags + description: > + List of representative attributes according to VirusTotal + type: keyword + - name: trid + default_field: false + description: > + TrID is a utility designed to identify file types from their binary signatures. It may give several detections, + ordered by higher to lower probability of file format identification. + release: beta + type: group + fields: + - name: file_type + description: Identified file type + type: keyword + - name: probability + description: > + Probability for a positive identification + format: percent + type: float + - name: type_description + description: > + Describes the file type + type: keyword + - name: type_tag + description: > + Tags representing the file type + type: keyword + - name: type_extension + description: > + File extension that commonly represents the file type + type: keyword + - name: first_seen_in_the_wild + description: > + Date that VirusTotal first observed this file object on the internet, typically by URL + type: keyword + +- name: file.hash.ssdeep + default_field: false + description: > + Fuzzy hash of the file using ssdeep. + release: beta + type: keyword +- name: file.hash.tlsh + default_field: false + description: > + Fuzzy hash of the file using tlsh. + release: beta + type: keyword +### ELF file extensions ### +- name: file.elf + default_field: false + description: > + ELF events from VirusTotal Intelligence Live Hunt results. + overwrite: true + type: group + release: beta + fields: + - name: creation_date + default_field: false + description: > + extracted when possible from the file's metadata. Indicates when it was + built or compiled. It can also be faked by malware creators. + type: date + - name: header + default_field: false + description: > + Header information of the ELF file. + release: beta + type: group + fields: + - name: class + description: > + Header class of the ELF file. + type: keyword + - name: data + description: > + Data table of the ELF header. + type: keyword + - name: machine + description: > + Machine architecture of the ELF header. + type: keyword + - name: os_abi + description: > + NEED TO ADD + type: keyword + - name: type + description: > + Header type of the ELF file. + type: keyword + - name: version + description: > + Version of the ELF header. + type: keyword + - name: abi_version + type: keyword + description: > + Version of the ELF Application Binary Interface (ABI). + - name: entrypoint + format: string + type: long + description: > + Header entrypoint of the ELF file. + - name: object_version + type: keyword + description: > + "0x1" for original ELF files. + - name: number_program_headers + description: > + Number of ELF Program Headers. + type: long + - name: number_section_headers + description: > + Number of ELF Section Headers. + type: long + - name: shared_libraries + description: > + List of shared libraries used by this ELF object + type: keyword + - name: exports + type: nested + fields: + - name: name + description: > + Name of exported symbol + type: keyword + default_field: false + - name: type + description: > + Type of exported symbol + type: keyword + default_field: false + - name: imports + default_field: false + description: > + List of imported element names and types + release: beta + type: nested + fields: + - name: name + description: > + Name of imported symbol + type: keyword + default_field: false + - name: type + description: > + Type of imported symbol + type: keyword + default_field: false + - name: sections + default_field: false + description: > + Section information of the binary executable file. + release: beta + type: nested + fields: + - name: name + description: > + Binary Section name. + type: keyword + - name: physical_offset + description: > + Binary Section offset on disk. + type: keyword + - name: physical_size + description: > + Binary Section size in bytes + type: long + format: bytes + - name: virtual_address + description: > + Binary Section virtual address. + format: string + type: long + - name: virtual_size + description: > + Binary Section virtual size in bytes. + format: bytes + type: long + - name: flags + description: > + Binary Section flags. + type: keyword + - name: type + description: > + Binary Section type. + type: keyword + - name: segment_name + description: > + Binary Section name of containing segment. + type: keyword + - name: entropy + description: > + Binary Section measurement of Shannon entropy. + type: float + - name: chi2 + description: > + Binary Section measurement of Chi squared distribution. + type: float + - name: hash.telfhash + description: > + telfhash hash for ELF files. + type: keyword + - name: flattened + default_field: false + description: > + Flattened ELF events from VirusTotal Intelligence Live Hunt results. + release: beta + type: group + fields: + - name: segment_list + description: > + ELF object segment list. + type: flattened + +### PE file extensions ### +- name: file.pe + type: group + fields: + - name: flattened + release: beta + type: group + overwrite: true + fields: + - name: debug + default_field: false + description: > + Debug information, if present + type: flattened + - name: resources + default_field: false + type: flattened + description: > + If the PE contains resources, some info about them + - name: creation_date + default_field: false + description: > + extracted when possible from the file's metadata. Indicates when it was + built or compiled. It can also be faked by malware creators. + type: date + - name: hash.authentihash + description: > + Authentihash of the PE file. + type: keyword + - name: compile_timestamp + description: > + Compile timestamp of the PE file. + type: date + - name: main_icon.hash + type: group + description: > + Hashes of embedded program icon + fields: + - name: dhash + description: > + Difference Hash for a given PE file. + type: keyword + release: beta + - name: md5 + type: keyword + description: > + MD5 hash of raw icon data + release: beta + - name: compilers + type: keyword + description: > + Version of the compiler product. + - name: rich_pe_header.hash + type: keyword + description: > + RichPE header hash of the PE. + - name: entry_point + description: > + Entry point of the PE file. + format: string + type: long + - name: machine_type + description: > + Machine type of the PE file. + type: keyword + - name: overlay + type: nested + description: > + TODO + fields: + - name: chi2 + description: > + Chi2 information of the PE file. + type: float + - name: entropy + description: > + Entropy information of the PE file. + type: float + - name: filetype + description: > + Filetype of the PE file. + type: keyword + - name: md5 + description: > + Overlay MD5 hash of the PE file. + type: keyword + - name: offset + description: > + Offset of the overlay information of the PE file. + type: long + - name: size + description: > + Size of the PE file. + format: bytes + type: long + - name: sections + type: nested + description: > + TODO + fields: + - name: name + description: > + Binary Section name. + type: keyword + - name: physical_offset + description: > + Binary Section offset on disk. + type: keyword + - name: physical_size + description: > + Binary Section size in bytes + type: long + format: bytes + - name: virtual_address + description: > + Binary Section virtual address. + format: string + type: long + - name: virtual_size + description: > + Binary Section virtual size in bytes. + format: bytes + type: long + - name: flags + description: > + Binary Section flags. + type: keyword + - name: type + description: > + Binary Section type. + type: keyword + - name: segment_name + description: > + Binary Section name of containing segment. + type: keyword + - name: entropy + description: > + Binary Section measurement of Shannon entropy. + type: float + - name: chi2 + description: > + Binary Section measurement of Chi squared distribution. + type: float + - name: exports + description: > + List of exported element names and types + release: beta + type: nested + fields: + - name: name + description: > + Name of exported symbol + type: keyword + default_field: false + - name: type + description: > + Type of exported symbol + type: keyword + default_field: false + - name: imports + description: > + List of imported element names and types + release: beta + type: nested + fields: + - name: name + description: > + Name of imported symbol + type: keyword + default_field: false + - name: type + description: > + Type of imported symbol + type: keyword + default_field: false + +- name: rule + default_field: false + description: > + Specifics of any observer or agent rules that generate alerts. + type: group + fields: + - name: ruleset_id + description: > + Identification number of the rule. + type: keyword + - name: tags + description: > + Tagged metadata about the rule. + type: keyword + - name: match_in_subfile + description: > + whether the match was in a subfile or not + type: boolean diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/images/kibana-virustotal-dashboard-1.png b/x-pack/filebeat/module/virustotal/livehunt/_meta/images/kibana-virustotal-dashboard-1.png new file mode 100644 index 00000000000..d203b60c0e3 Binary files /dev/null and b/x-pack/filebeat/module/virustotal/livehunt/_meta/images/kibana-virustotal-dashboard-1.png differ diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/images/kibana-virustotal-dashboard-2.png b/x-pack/filebeat/module/virustotal/livehunt/_meta/images/kibana-virustotal-dashboard-2.png new file mode 100644 index 00000000000..13408c1e2ed Binary files /dev/null and b/x-pack/filebeat/module/virustotal/livehunt/_meta/images/kibana-virustotal-dashboard-2.png differ diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson b/x-pack/filebeat/module/virustotal/livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson new file mode 100644 index 00000000000..0559b806991 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson @@ -0,0 +1,10 @@ +{"attributes":{"columns":["file.hash.sha1","file.name","file.size","file.mime_type","rule.ruleset","rule.name","rule.tags","virustotal.capabilities","virustotal.type_description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"virustotal.id\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"virustotal.id\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Virustotal LiveHunt Files","version":1},"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","migrationVersion":{"search":"7.4.0"},"references":[{"id":"filebeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"filebeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2020-10-16T18:53:42.155Z","version":"WzE2ODkwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Livehunt notifications by ruleset over time [Virustotal Filebeat]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Livehunt notifications by ruleset over time [Virustotal Filebeat]\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-2w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.ruleset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":9,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"8901bc70-0fe2-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-10-16T19:10:21.402Z","version":"WzE2OTg1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Livehunt notifications by type tag over time [Virustotal Filebeat]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Livehunt notifications by type tag over time [Virustotal Filebeat]\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-2w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"virustotal.type_tag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"502946c0-0fe2-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-10-16T19:09:35.807Z","version":"WzE2OTgwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Analysis Results Wordcloud [Virustotal Filebeat] ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Analysis Results Wordcloud [Virustotal Filebeat] \",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: \\\"https://vega.github.io/schema/vega/v5.json\\\"\\n data: [\\n {\\n name: engines\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: \\\"filebeat-*\\\"\\n body: {\\n aggs: {\\n engines: {\\n nested: {\\n path: \\\"virustotal.analysis.results\\\"\\n },\\n aggs: {\\n values: {\\n terms: {\\n size: 100\\n field: \\\"virustotal.analysis.results.result\\\" \\n }\\n }\\n }\\n }\\n }\\n size: 0\\n }\\n }\\n format: { property: \\\"aggregations.engines.values.buckets\\\" }\\n transform: [\\n {\\n \\\"type\\\": \\\"formula\\\", \\\"as\\\": \\\"angle\\\",\\n \\\"expr\\\": \\\"0\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\", \\\"as\\\": \\\"weight\\\",\\n \\\"expr\\\": \\\"datum.doc_count\\\"\\n }\\n ]\\n }\\n ]\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"wordclick\\\",\\n \\\"value\\\": \\\"\\\",\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"text:click\\\",\\n \\\"update\\\": '''\\n kibanaAddFilter({\\\"nested\\\": {\\\"path\\\": \\\"virustotal.analysis.results\\\", \\\"query\\\": {\\\"bool\\\": {\\\"must\\\": [{ \\\"match\\\": { \\\"virustotal.analysis.results.result\\\": event.item.text } }]}}}})\\n '''\\n }\\n ]\\n }\\n ]\\n\\n scales: [\\n {\\n name: \\\"color\\\"\\n type: \\\"ordinal\\\"\\n domain: { data: \\\"engines\\\", field: \\\"key\\\" }\\n range: {\\\"scheme\\\": \\\"elastic\\\"}\\n }\\n ]\\n\\n marks: [\\n {\\n name: cloud\\n type: text\\n from: {data: \\\"engines\\\"}\\n encode: {\\n enter: {\\n text: {field: \\\"key\\\"}\\n align: {value: \\\"center\\\"}\\n baseline: {value: \\\"alphabetic\\\"}\\n fill: {scale: \\\"color\\\", field: \\\"key\\\"}\\n },\\n update: {\\n fillOpacity: {value: 1}\\n },\\n hover: {\\n fillOpacity: {value: 0.5}\\n }\\n\\n }\\n transform: [\\n {\\n type: wordcloud\\n text: {field: \\\"datum.key\\\"}\\n size: [{signal: \\\"width\\\"}, {signal: \\\"height\\\"}],\\n rotate: {field: \\\"datum.angle\\\"}\\n font: \\\"Helvetica Neue, Arial\\\"\\n fontSize: {field: \\\"datum.doc_count\\\"}\\n fontWeight: {field: \\\"datum.weight\\\"}\\n fontSizeRange: [8, 72]\\n padding: 4\\n }\\n ]\\n }\\n\\n ]\\n}\"}}"},"id":"32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-10-16T21:39:56.735Z","version":"WzE3Mjk4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Livehunt notifications by mime-type [Virustotal FIlebeat]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Livehunt notifications by mime-type [Virustotal FIlebeat]\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":9,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIME Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-10-16T19:13:14.522Z","version":"WzE2OTk2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"File Capabilities Word Cloud [Virustotal Filebeat]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"File Capabilities Word Cloud [Virustotal Filebeat]\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"virustotal.capabilities\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":true}}"},"id":"1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"filebeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-10-16T19:06:05.296Z","version":"WzE2OTY2LDFd"} +{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":\"road_map_desaturated\",\"isAutoSelect\":false},\"id\":\"6a988e7a-8078-4986-a10d-11f388582582\",\"label\":\"Base Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"EMS_FILE\",\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"]},\"id\":\"45ea51fa-2c06-4a28-91df-7c393a9186e9\",\"label\":\"Submission Country\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.49,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"__kbnjoin__count__b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"origin\":\"join\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"VECTOR\",\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"id\":\"b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"indexPatternTitle\":\"filebeat-*\",\"term\":\"virustotal.submission.source.geo.country_iso_code\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\"}}]}]","mapStateJSON":"{\"zoom\":1.77,\"center\":{\"lon\":0,\"lat\":0},\"timeFilters\":{\"from\":\"now-14d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"filebeat-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"virustotal.id\",\"value\":\"exists\"},\"exists\":{\"field\":\"virustotal.id\"},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.88,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"[Virustotal] Submission Country","uiStateJSON":"{\"isLayerTOCOpen\":false,\"openTOCDetails\":[]}"},"id":"506466e0-0d64-11eb-9aef-8b55a4ae31c5","migrationVersion":{"map":"7.9.0"},"references":[{"id":"filebeat-*","name":"layer_1_join_0_index_pattern","type":"index-pattern"}],"type":"map","updated_at":"2020-10-14T19:16:25.908Z","version":"WzE2NTEzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Detection Counts By Engine [VirusTotal Filebeat] ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Detection Counts By Engine [VirusTotal Filebeat] \",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega-lite/v4.json\\n title: Event counts from all indexes\\n // Define the data source\\n data: {\\n url: {\\n // Apply dashboard context filters when set\\n %context%: true\\n // Filter the time picker (upper right corner) with this field\\n %timefield%: @timestamp\\n\\n // Which index to search\\n index: filebeat-8.0.0\\n body: {\\n size: 0\\n aggs: {\\n \\\"results\\\": {\\n \\\"nested\\\": {\\n \\\"path\\\": \\\"virustotal.analysis.results\\\"\\n },\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"engine_name\\\": {\\\"terms\\\": {\\\"field\\\": \\\"virustotal.analysis.results.engine_name\\\"}}},\\n {\\\"category\\\": {\\\"terms\\\": {\\\"field\\\": \\\"virustotal.analysis.results.category\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n }\\n }\\n }\\n name: kibana\\n\\n // From the result, take just the data we are interested in\\n format: {\\n property: aggregations.results.table.buckets\\n }\\n // Convert key.stk1 -> stk1 for simpler access below\\n transform: [\\n {\\n type: formula\\n expr: datum.key.engine_name\\n as: engine_name\\n }\\n {\\n type: formula\\n expr: datum.key.category\\n as: category\\n }\\n {\\n type: formula\\n expr: datum.doc_count\\n as: count\\n }\\n ]\\n }\\n\\n // \\\"mark\\\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\\n mark: text\\n\\n // \\\"encoding\\\" tells the \\\"mark\\\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\\n encoding: {\\n x: {\\n // The \\\"key\\\" value is the timestamp in milliseconds. Use it for X axis.\\n field: key.category\\n type: ordinal\\n axis: {\\n title: Category\\n } // Customize X axis format\\n }\\n y: {\\n // The \\\"doc_count\\\" is the count per bucket. Use it for Y axis.\\n field: key.engine_name\\n type: ordinal\\n axis: {\\n title: Engine Name\\n }\\n }\\n }\\n layer: [\\n {\\n \\\"mark\\\": \\\"rect\\\",\\n \\\"encoding\\\": {\\n \\\"color\\\": {\\n \\\"field\\\": \\\"doc_count\\\",\\n \\\"type\\\": \\\"quantitative\\\",\\n \\\"title\\\": \\\"Count of Records\\\",\\n \\\"legend\\\": {\\\"direction\\\": \\\"horizontal\\\", \\\"gradientLength\\\": 120}\\n }\\n }\\n },\\n {\\n mark: text\\n encoding: {\\n text: {\\n field: doc_count\\n type: quantitative\\n }\\n \\\"color\\\": {\\n \\\"condition\\\": {\\\"test\\\": \\\"datum['doc_count'] < 40\\\", \\\"value\\\": \\\"black\\\"},\\n \\\"value\\\": \\\"white\\\"\\n }\\n }\\n }\\n ]\\n config: {\\n axis: {\\n grid: true\\n tickBand: extent\\n }\\n }\\n}\"}}"},"id":"3429d920-0caf-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-10-16T18:55:10.043Z","version":"WzE2ODk5LDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":23,\"h\":15,\"i\":\"ec36b04f-b714-401a-a4c6-3212ca615592\"},\"panelIndex\":\"ec36b04f-b714-401a-a4c6-3212ca615592\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":15,\"i\":\"37af54a7-99cb-41da-b00e-b5aebcd93e8b\"},\"panelIndex\":\"37af54a7-99cb-41da-b00e-b5aebcd93e8b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":15,\"w\":17,\"h\":18,\"i\":\"e83917f5-d17a-4e09-a553-c996a57b4739\"},\"panelIndex\":\"e83917f5-d17a-4e09-a553-c996a57b4739\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":17,\"y\":15,\"w\":12,\"h\":18,\"i\":\"46e12b30-e4dd-462f-b59f-48c88300a89e\"},\"panelIndex\":\"46e12b30-e4dd-462f-b59f-48c88300a89e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":29,\"y\":15,\"w\":19,\"h\":18,\"i\":\"1096fbd8-383b-4d8d-9582-dac41270475f\"},\"panelIndex\":\"1096fbd8-383b-4d8d-9582-dac41270475f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":33,\"w\":31,\"h\":17,\"i\":\"c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c\"},\"panelIndex\":\"c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c\",\"embeddableConfig\":{\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":20.2912,\"lon\":14.61228,\"zoom\":1.32},\"openTOCDetails\":[]},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":31,\"y\":33,\"w\":17,\"h\":17,\"i\":\"4130c0b5-c2af-4ded-9406-0b7d477c202d\"},\"panelIndex\":\"4130c0b5-c2af-4ded-9406-0b7d477c202d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":15,\"i\":\"70185726-7b35-4f2d-ab07-60c719705373\"},\"panelIndex\":\"70185726-7b35-4f2d-ab07-60c719705373\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"VirusTotal Livehunt Dashboard","version":1},"id":"bd059c90-0e56-11eb-9aef-8b55a4ae31c5","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8901bc70-0fe2-11eb-9aef-8b55a4ae31c5","name":"panel_0","type":"visualization"},{"id":"502946c0-0fe2-11eb-9aef-8b55a4ae31c5","name":"panel_1","type":"visualization"},{"id":"32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5","name":"panel_2","type":"visualization"},{"id":"a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5","name":"panel_3","type":"visualization"},{"id":"1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5","name":"panel_4","type":"visualization"},{"id":"506466e0-0d64-11eb-9aef-8b55a4ae31c5","name":"panel_5","type":"map"},{"id":"3429d920-0caf-11eb-9aef-8b55a4ae31c5","name":"panel_6","type":"visualization"},{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2020-10-16T19:23:57.806Z","version":"WzE3MDUyLDFd"} +{"exportedCount":10,"missingRefCount":0,"missingReferences":[]} diff --git a/x-pack/filebeat/module/virustotal/livehunt/config/cleanup-empty.js b/x-pack/filebeat/module/virustotal/livehunt/config/cleanup-empty.js new file mode 100644 index 00000000000..5ab03c0c3e6 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/config/cleanup-empty.js @@ -0,0 +1,35 @@ +// spellchecker: disable + +var params = { field: "" }; + +function register(scriptParams) { + params = scriptParams; +} + +// Adapted from https://stackoverflow.com/a/679937/6654930 +function isEmpty(obj) { + for (var prop in obj) { + if (obj.hasOwnProperty(prop)) + return false; + } + return true; +} + +function process(evt) { + var console = require("console"); + + console.debug("cleanup.cleanEmptyList"); + + if (params.field == "") { + console.debug("Empty field parameter. Skipping."); + return; + } + + var field_data = evt.Get(params.field); + // This works for empty objects, arrays, and null + if (typeof field_data == "object" && isEmpty(field_data)) { + console.debug("Field " + params.field + " is empty. Deleting."); + evt.Delete(params.field); + } +} + diff --git a/x-pack/filebeat/module/virustotal/livehunt/config/livehunt.yml b/x-pack/filebeat/module/virustotal/livehunt/config/livehunt.yml new file mode 100644 index 00000000000..cf0382f764b --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/config/livehunt.yml @@ -0,0 +1,256 @@ +#spellchecker: disable +{{ if eq .input "httpjson" }} +type: httpjson +config_version: "2" +interval: {{ .interval }} +request: + url: https://www.virustotal.com/api/v3/intelligence/hunting_notification_files?limit={{ .limit }} + method: GET + transforms: + - set: + target: header.x-apikey + value: {{ .api_key }} + - set: + target: url.params.filter + value: 'date:[[.cursor.timefilter]]+' + default: '' + +response: + split: + target: body.data + type: array + pagination: + - set: + target: url.params.cursor + value: '[[.last_response.body.meta.cursor]]' + +cursor: + timefilter: + value: '[[ .last_event.context_attributes.notification_date ]]' +{{ end }} + +{{ if eq .input "file" }} +type: log +paths: + {{ range $i, $path := .paths }} +- {{$path}} + {{ end }} +exclude_files: [".gz$"] +{{ end }} + +{{ if eq .input "kafka" }} +type: kafka +hosts: +{{ range $i, $broker := .kafka_brokers }} + - {{ $broker }} +{{ end }} +topics: +{{ range $i, $topic := .kafka_topics }} + - {{ $topic }} +{{ end }} +group_id: "{{ .kafka_groupid }}" +{{ end }} + +processors: + - add_fields: + target: '' + fields: + ecs.version: 1.7.0 + + - rename: + fields: + - {from: message, to: event.original} + + - decode_json_fields: + fields: [event.original] + target: "virustotal" + document_id: context_attributes.notification_id + + - add_fields: + target: event + fields: + kind: alert + category: file + type: info + + - script: + lang: javascript + id: vt_reference + params: + vt_fileinfo_url: "{{ .vt_fileinfo_url }}" + source: > + var params = {vt_fileinfo_url: "https://www.virustotal.com/gui/file/"}; + function register(scriptParams) { + params = scriptParams; + } + function process(event) { + var file_id = event.Get("virustotal.id"); + event.Put("event.reference", params.vt_fileinfo_url + file_id ); + } + + - rename: + ignore_missing: True + fields: + # Common file.* info + - {from: virustotal.attributes.names, to: file.name} + - {from: virustotal.attributes.size, to: file.size} + - {from: virustotal.attributes.md5, to: file.hash.md5} + - {from: virustotal.attributes.sha1, to: file.hash.sha1} + - {from: virustotal.attributes.sha256, to: file.hash.sha256} + - {from: virustotal.attributes.ssdeep, to: file.hash.ssdeep} + - {from: virustotal.attributes.tlsh, to: file.hash.tlsh} + + # Notification Info + - {from: virustotal.context_attributes.notification_snippet, to: virustotal.notification.snippet} + - {from: virustotal.context_attributes.notification_tags, to: virustotal.notification.tags} + - {from: virustotal.context_attributes.notification_date, to: virustotal.notification.date} + - {from: virustotal.context_attributes.rule_name, to: rule.name} + - {from: virustotal.context_attributes.ruleset_name, to: rule.ruleset} + - {from: virustotal.context_attributes.ruleset_id, to: rule.ruleset_id} + - {from: virustotal.context_attributes.rule_tags, to: rule.tags} + - {from: virustotal.context_attributes.match_in_subfile, to: rule.match_in_subfile} + + # Exiftool data + - {from: virustotal.attributes.exiftool, to: virustotal.exiftool} + + # Analysis + - {from: virustotal.attributes.last_analysis_stats, to: virustotal.analysis.stats} + - {from: virustotal.attributes.last_analysis_date, to: virustotal.analysis.date} + + # Sigma analysis + - {from: virustotal.attributes.sigma_analysis_stats, to: virustotal.sigma_analysis_stats} + - {from: virustotal.attributes.sigma_analysis_summary, to: virustotal.sigma_analysis} + + # Submission Info + - {from: virustotal.attributes.first_submission_date, to: virustotal.submission.first_submitted} + - {from: virustotal.attributes.last_submission_date, to: virustotal.submission.last_submitted} + - {from: virustotal.attributes.times_submitted, to: virustotal.submission.submission_count} + - {from: virustotal.attributes.unique_sources, to: virustotal.submission.unique_sources} + - {from: virustotal.context_attributes.notification_source_key, to: virustotal.submission.source.key} + - {from: virustotal.context_attributes.notification_source_country, to: virustotal.submission.source.geo.country_iso_code} + + # Other attributes + - {from: virustotal.attributes.tags, to: virustotal.tags} + - {from: virustotal.attributes.packers, to: virustotal.packers} + - {from: virustotal.attributes.magic, to: virustotal.magic} + - {from: virustotal.attributes.capabilities_tags, to: virustotal.capabilities} + - {from: virustotal.attributes.downloadable, to: virustotal.downloadable} + - {from: virustotal.attributes.vhash, to: virustotal.hash.vhash} + - {from: virustotal.attributes.creation_date, to: virustotal.creation_date} + - {from: virustotal.attributes.last_modification_date, to: virustotal.last_modified} + - {from: virustotal.attributes.crowdsourced_yara_results, to: virustotal.community.yara_results} + - {from: virustotal.attributes.total_votes, to: virustotal.community.total_votes} + - {from: virustotal.attributes.reputation, to: virustotal.community.reputation} + - {from: virustotal.attributes.trid, to: virustotal.trid} + - {from: virustotal.attributes.bytehero_info, to: virustotal.bytehero_info} + - {from: virustotal.attributes.type_description, to: virustotal.type_description} + - {from: virustotal.attributes.type_tag, to: virustotal.type_tag} + - {from: virustotal.attributes.type_extension, to: virustotal.type_extension} + - {from: virustotal.attributes.first_seen_itw_date, to: virustotal.first_seen_in_the_wild} + + # Android data + - {from: virustotal.attributes.androguard, to: virustotal.androguard} + + - script: + # Remove empty fields + when: + has_fields: ["rule.tags"] + lang: javascript + id: cleanup-empty_rule-tags + params: + field: "rule.tags" + file: ${path.home}/module/virustotal/livehunt/config/cleanup-empty.js + + - script: + # Remove empty fields + when: + has_fields: ["virustotal.community.rule"] + lang: javascript + id: cleanup-empty_virustotal-community-rules + params: + field: "virustotal.community.rule" + file: ${path.home}/module/virustotal/livehunt/config/cleanup-empty.js + + - script: + lang: javascript + id: virustotal-livehunt + file: ${path.home}/module/virustotal/livehunt/config/virustotal-analysis.js + + - drop_fields: + ignore_missing: True + fields: + - virustotal.type + - virustotal.meaningful_name + - virustotal.attributes.creation_date + - virustotal.attributes.meaningful_name + - virustotal.links + + - if: + has_fields: ["virustotal.attributes.elf_info"] + then: + - rename: + ignore_missing: True + fields: + # ELF data + - {from: virustotal.attributes.elf_info, to: file.elf} + - {from: file.elf.header.obj_version, to: file.elf.header.object_version} + - {from: file.elf.header.hdr_version, to: file.elf.header.version} + - {from: file.elf.header.num_prog_headers, to: file.elf.number_program_headers} + - {from: file.elf.header.num_section_headers, to: file.elf.number_section_headers} + - {from: virustotal.attributes.telfhash, to: file.elf.hash.telfhash} + - {from: virustotal.creation_date, to: file.elf.creation_date} + + # Normalized binary info + - {from: file.elf.import_list, to: file.elf.imports} + - {from: file.elf.export_list, to: file.elf.exports} + - {from: file.elf.section_list, to: file.elf.sections} + - {from: file.elf.segment_list, to: file.elf.segments} + + - script: + lang: javascript + id: virustotal-pe + file: ${path.home}/module/virustotal/livehunt/config/virustotal-elf.js + + - if: + has_fields: ["virustotal.attributes.pe_info"] + then: + - rename: + ignore_missing: True + fields: + # PE data + - {from: virustotal.attributes.pe_info, to: file.pe} + - {from: virustotal.attributes.authentihash, to: file.pe.authentihash} + - {from: file.pe.timestamp, to: file.pe.compile_timestamp} + - {from: virustotal.attributes.signature_info.product, to: file.pe.product} + - {from: virustotal.attributes.signature_info.copyright, to: file.pe.company} + - {from: virustotal.attributes.signature_info.comments, to: file.pe.comments} + - {from: virustotal.attributes.signature_info.description, to: file.pe.description} + - {from: "virustotal.attributes.signature_info.file version", to: file.pe.file_version} + - {from: "virustotal.attributes.signature_info.original name", to: file.pe.original_file_name} + - {from: virustotal.creation_date, to: file.pe.creation_date} + - {from: virustotal.attributes.main_icon, to: file.pe.main_icon.hash} + - {from: file.pe.main_icon.hash.raw_md5, to: file.pe.main_icon.hash.md5} + - {from: file.pe.authentihash, to: file.pe.hash.authentihash} + - {from: file.pe.rich_pe_header_hash, to: file.pe.rich_pe_header.hash} + - {from: file.pe.compiler_product_versions, to: file.pe.compilers} + + # Normalized binary info + - {from: file.pe.import_list, to: file.pe.imports} + + # Flattened fields + - {from: file.pe.resource_details, to: file.pe.flattened.resources} + - {from: file.pe.debug, to: file.pe.flattened.debug} + + - drop_fields: + ignore_missing: True + fields: + # these are duplicates of data derivable from file.pe.resources + - file.pe.resource_langs + - file.pe.resource_types + + + - script: + lang: javascript + id: virustotal-pe + file: ${path.home}/module/virustotal/livehunt/config/virustotal-pe.js + diff --git a/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-analysis.js b/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-analysis.js new file mode 100644 index 00000000000..9e1c6b68945 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-analysis.js @@ -0,0 +1,368 @@ +// spellchecker: disable +var exif_lookup = { + // PE files + "AssemblyVersion": "assembly_version", + "CharacterSet": "character_set", + "CodeSize": "code_size", + "CompanyName": "company_name", + "EntryPoint": "entry_point", + "FileDescription": "file_description", + "FileFlagsMask": "file_flags_mask", + "FileOS": "file_os", + "FileSize": "file_size", + "FileSubtype": "file_subtype", + "FileType": "file_type", + "FileTypeExtension": "file_type_extension", + "FileVersion": "file_version", + "FileVersionNumber": "file_version_number", + "ImageVersion": "image_version", + "ImageFileCharacteristics": "image_file_characteristics", + "InitializedDataSize": "initialized_data_size", + "InternalName": "internal_name", + "LanguageCode": "language_code", + "LegalCopyright": "legal_copyright", + "LegalTrademarks1": "legal_trademarks_1", + "LegalTrademarks2": "legal_trademarks_2", + "LinkerVersion": "linker_version", + "MIMEType": "mime_type", + "MachineType": "machine_type", + "OSVersion": "os_version", + "ObjectFileType": "object_file_type", + "OriginalFileName": "original_file_name", + "PEType": "pe_type", + "ProductName": "product_name", + "ProductVersion": "product_version", + "ProductVersionNumber": "product_version_number", + "Subsystem": "subsystem", + "SubsystemVersion": "subsystem_version", + "TimeStamp": "timestamp", + "UninitializedDataSize": "uninitialized_data_size", + // PDF files + "CreateDate": "create_date", + "Creator": "creator", + "CreatorTool": "creator_tool", + "DocumentID": "document_id", + "Linearized": "linearized", + "ModifyDate": "modify_date", + "PDFVersion": "pdf_version", + "PageCount": "page_count", + "Producer": "producer", + "XMPToolkit": "xmp_toolkit", + // MachO & ELF files + "CPUArchitecture": "cpu_architecture", + "CPUByteOrder": "cpu_byte_order", + "CPUCount": "cpu_count", + "CPUType": "cpu_type", + "CPUSubtype": "cpu_subtype", + "ObjectFlags": "object_flags", + // Text files + "LineCount": "line_count", + "MIMEEncoding": "mime_encoding", + "WordCount": "word_count", + "NewLines": "new_lines" +}; + +var type_lookup = { + // Executables + "peexe": "application/vnd.microsoft.portable-executable", + "pedll": "application/vnd.microsoft.portable-executable", + "neexe": "application/x-dosexec", + "nedll": "application/x-dosexec", + "mz": "application/x-dosexec", + "msi": "application/x-msi", + "com": "application/x-dosexec", + "coff": "application/x-coff", + "elf": "application/x-executable", + "rpm": "application/x-rpm", + "macho": "application/x-mach-o-executable", + + // Internet + "html": "text/html", + "xml": "application/xml", + "flash": "application/x-shockwave-flash", + "fla": "application/x-flash-authoring-material", + "iecookie": "text/x-ie-cookie", + "bittorrent": "", + "email": "message/rfc822", + "outlook": "application/x-outlook-message", + "cap": "application/vnd.tcpdump.pcap", + + // Images + "jpeg": "image/jpeg", + "emf": "application/x-emf", + "tiff": "image/tiff", + "gif": "image/gif", + "png": "image/png", + "bmp": "image/bmp", + "gimp": "image/x-xcf", + "indesign": "application/x-adobe-indesign", + "psd": "image/vnd.adobe.photoshop", + "dib": "image/x-ms-bmp", + "jng": "video/x-jng", + "ico": "image/vnd.microsoft.icon", + "fpx": "image/vnd.fpx", + "eps": "application/postscript", + "svg": "image/svg+xml", + + // Video & audio + "ogg": "audio/ogg", + "flc": "video/x-flc", + "fli": "video/x-fli", + "mp3": "audio/mpeg", + "flac": "audio/x-flac", + "wav": "audio/wav", + "midi": "audio/midi", + "avi": "video/x-msvideo", + "mpeg": "video/mpeg", + "qt": "video/quicktime", + "asf": "application/vnd.ms-asf", + "divx": "video/x-divx", + "flv": "video/x-flv", + "wma": "audio/x-ms-wma", + "wmv": "video/x-ms-wmv", + "rm": "application/vnd.rn-realmedia", + "mov": "video/quicktime", + "mp4": "video/mp4", + "3gp": "video/3gpp", + + // Documents + "text": "text/plain", + "pdf": "application/pdf", + "ps": "application/postscript", + "doc": "application/msword", + "docx": "application/vnd.openxmlformats-officedocument.wordprocessingml.document", + "rtf": "application/rtf", + "ppt": "application/vnd.mspowerpoint", + "pptx": "application/vnd.openxmlformats-officedocument.presentationml.presentation", + "xls": "application/vnd.ms-excel", + "xlsx": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", + "odp": "application/vnd.oasis.opendocument.presentation", + "ods": "application/vnd.oasis.opendocument.spreadsheet", + "odt": "application/vnd.oasis.opendocument.text", + "hwp": "application/x-hangul-word", + "gul": "application/x-samsung-document", + "ebook": "application/vnd.amazon.ebook", + "latex": "application/x-latex", + + // Bundles + "isoimage": "application/x-iso9660-image", + "zip": "application/zip", + "gzip": "application/gzip", + "bzip": "application/x-bzip", + "rzip": "application/x-rzip-compressed", + "dzip": "application/x-dzip-compressed", + "7zip": "application/x-7z-compressed", + "cab": "application/vnd.ms-cab-compressed", + "jar": "application/java-archive", + "rar": "application/vnd.rar", + "mscompress": "application/x-mscompress", + "ace": "application/x-ace-compressed", + "arc": "application/x-arc-compressed", + "arj": "application/x-arj-compressed", + "asd": "application/x-asd-compressed", + "blackhole": "application/x-blackhole-compressed", + "kgb": "application/x-kgb-compressed", + + // Code + "script": "application/x-sh", + "php": "text/x-php", + "python": "text/x-python", + "perl": "text/x-perl", + "ruby": "text/x-ruby", + "c": "text/x-csrc", + "cpp": "text/x-c++src", + "java": "text/x-java-source", + "shell": "application/x-sh", + "pascal": "text/x-pascal", + "awk": "text/x-awk", + "dyalog": "text/x-dyalog", + "fortran": "text/x-fortran", + "java-bytecode": "application/java-vm", + "vba": "text/x-vba", + + // Apple + "mac": "application/macbinary", + "applesingle": "application/applefile; version=\"1\"", + "appledouble": "application/applefile; version=\"2\"", + "machfs": "application/x-apple-diskimage", + + // Miscellaneous + "lnk": "application/x-windows-shortcut", + "ttf": "font/ttf", + "rom": "application/x-rom-image" +}; + +var androguard_lookup = { + "Activities": "activities", + "AndroguardVersion": "version", + "AndroidApplication": "android_application", + "AndroidApplicationError": "android_application_error", + "AndroidApplicationInfo": "android_application_info", + "AndroidVersionCode": "android_version_code", + "AndroidVersionName": "android_version_name", + "Libraries": "libraries", + "main_activity": "main_activity", + "MinSdkVersion": "minimum_sdk_version", + "Package": "package", + "Providers": "providers", + "Receivers": "receivers", + "RiskIndicator": "risk_indicator", + "Services": "services", + "StringsInformation": "strings_information", + "TargetSdkVersion": "target_sdk_version", + "VTAndroidInfo": "vt_android_info", + "certificate": "certificate", + "intent_filters": "intent_filters", + "permission_details": "permission_details" +}; + +var yara_result_lookup = { + "description": "description", + "match_in_subfile": "match_in_subfile", + "rule_name": "name", + "ruleset_id": "ruleset_id", + "ruleset_name": "ruleset", + "reference": "source" +}; + +var vtAnalysis = (function () { + var processor = require("processor"); + var console = require("console"); + + var normalizeAnalysis = function (evt) { + console.debug("vtAnalysis.normalizeAnalysis()"); + + var last_analysis_results = evt.Get("virustotal.attributes.last_analysis_results"); + + if (last_analysis_results != null) { + console.debug("last_analysis_results: \n" + JSON.stringify(last_analysis_results, undefined, 2)); + var analysis_results = Array(); + Object.keys(last_analysis_results).forEach(function (key) { + analysis_results.push(last_analysis_results[key]); + }); + + evt.Put("virustotal.analysis.results", analysis_results); + evt.Delete("virustotal.attributes.last_analysis_results"); + } + }; + + var normalizePackers = function (evt) { + console.debug("vtAnalysis.normalizePackers()"); + + var packers = evt.Get("virustotal.packers"); + var packer_list = Array(); + + if (packers != null) { + console.debug("virustotal.packers" + JSON.stringify(packers, undefined, 2)); + Object.keys(packers).forEach(function (key) { + packer_list.push({ "tool_name": key, "name": packers[key] }); + }); + evt.Delete("virustotal.packers"); + evt.Put("virustotal.packers", packer_list); + console.debug("virustotal.packers:\n" + JSON.stringify(packer_list, undefined, 2)); + } + }; + + var normalizeCommunityRules = function (evt) { + console.debug("vtAnalysis.normalizeCommunityRules()"); + + var yara_results = evt.Get("virustotal.community.yara_results"); + + if (yara_results != null) { + console.debug("yara_results: \n" + JSON.stringify(yara_results, undefined, 2)); + var normal_results = Array(); + for (var i = 0; i < yara_results.length; i++) { + var rule = {}; + var clean_key = ""; + Object.keys(yara_results[i]).forEach(function (key) { + if (key in yara_result_lookup) { + clean_key = yara_result_lookup[key]; + } else { + clean_key = key; + } + rule[clean_key] = yara_results[key]; + }); + } + + evt.Put("virustotal.community.rule", normal_results); + evt.Delete("virustotal.community.yara_results"); + } + }; + + var snakeCaseExifTool = function (evt) { + console.debug("vtAnalysis.snakeCaseExifTool()"); + + var exifdata = evt.Get("virustotal.exiftool"); + console.debug("exifdata: \n" + JSON.stringify(exifdata, undefined, 2)); + + if (exifdata != null) { + var exif_clean = {}; + var clean_key = ""; + Object.keys(exifdata).forEach(function (key) { + if (key in exif_lookup) { + clean_key = exif_lookup[key]; + } else { + // By default, don't change the key so that it's easy to notice and fix + clean_key = key; + } + exif_clean[clean_key] = exifdata[key]; + }); + + evt.Put("virustotal.exiftool", exif_clean); + } + }; + + var snakeCaseAndroguard = function (evt) { + console.debug("vtAnalysis.snakeCaseAndroguard()"); + + var androdata = evt.Get("virustotal.androguard"); + console.debug("androguard: \n" + JSON.stringify(androdata, undefined, 2)); + + if (androdata != null) { + var andro_clean = {}; + var clean_key = ""; + Object.keys(androdata).forEach(function (key) { + if (key in androguard_lookup) { + clean_key = androguard_lookup[key]; + } else { + // By default, don't change the key so that it's easy to notice and fix + clean_key = key; + } + andro_clean[clean_key] = androdata[key]; + }); + + evt.Put("virustotal.androguard", andro_clean); + } + }; + + var addMimeType = function (evt) { + console.debug("vtAnalysis.addMimeType"); + var type_tag = evt.Get("virustotal.type_tag"); + + if (type_tag != null && type_tag in type_lookup) { + evt.Put("file.mime_type", type_lookup[type_tag]); + } + }; + + var processMessage = new processor.Chain() + .Add(function (evt) { + normalizeAnalysis(evt); + normalizeCommunityRules(evt); + normalizePackers(evt); + snakeCaseExifTool(evt); + snakeCaseAndroguard(evt); + addMimeType(evt); + }) + .Build(); + + return { + process: function (evt) { + console.debug("vtAnalysis.process()"); + processMessage.Run(evt); + } + }; +})(); + +function process(evt) { + vtAnalysis.process(evt); +} diff --git a/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-elf.js b/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-elf.js new file mode 100644 index 00000000000..724996327e8 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-elf.js @@ -0,0 +1,228 @@ +// spellchecker: disable + +var elf_symbol_type_lookup = { + "NOTYPE": "no type", + "FUNC": "function", + "TLS": "thread local symbol", + "OBJECT": "object" +}; + +function isLetter(c) { + return c.toLowerCase() != c.toUpperCase(); +} + + +var vtELF = (function () { + var processor = require("processor"); + var console = require("console"); + + var normalizeImports = function (evt) { + console.debug("vtELF.normalizeImports"); + + var imports = evt.Get("file.elf.imports"); + var normal_imports = Array(); + + if (imports != null) { + console.debug("imports[" + imports.length + "]: \n" + JSON.stringify(imports, undefined, 2)); + + /* The goal is to normalize import list to the following + * structure: + * { + * "name": "MY_SYMBOL", (keyword) + * "type": "function", (keyword, lowercased; normalized to function, object, notype, thread local symbol + * "library_name": "kernel32.dll" + * } + * + * NOTE: VT doesn't return resolved library_name for ELF files, so this will be omitted + */ + for (var i = 0; i < imports.length; i++) { + var sym_type = imports[i].type; + if (sym_type in elf_symbol_type_lookup) { + imports[i].type = elf_symbol_type_lookup[sym_type]; + } + } + + evt.Delete("file.elf.imports"); + evt.Put("file.elf.imports", imports); + } + + }; + + var normalizeExports = function (evt) { + console.debug("vtELF.normalizeExports"); + + var exports = evt.Get("file.elf.exports"); + + if (exports != null) { + console.debug("exports[" + exports.length + "]: \n" + JSON.stringify(exports, undefined, 2)); + + /* The goal is to normalize exports list to the following + * structure: + * { + * "name": "MY_SYMBOL", (keyword) + * "type": "function", (keyword, lowercased; normalized to function, object, notype, thread local symbol + * "library_name": "kernel32.dll" + * } + * + * NOTE: VT doesn't return resolved library_name for ELF files, so this will be omitted + */ + for (var i = 0; i < exports.length; i++) { + var sym_type = exports[i].type; + if (sym_type in elf_symbol_type_lookup) { + exports[i].type = elf_symbol_type_lookup[sym_type]; + } + } + + evt.Delete("file.elf.exports"); + evt.Put("file.elf.exports", exports); + } + + }; + + var normalizeSections = function (evt) { + console.debug("vtELF.normalizeSections"); + + var sections = evt.Get("file.elf.sections"); + + // Input structure + // { + // "section_type": "NULL", + // "virtual_address": 0, + // "size": 0, + // "physical_offset": 0, + // "flags": "", + // "name": "" + // }, + if (sections != null) { + for (var i = 0; i < sections.length; i++) { + var old_sect = sections[i]; + var new_sect = { + "name": old_sect.name, + // VT returns this field with a misspelling + "physical_offset": "0x" + old_sect.phisical_offset.toString(16).toUpperCase(), + "physical_size": old_sect.size, + "virtual_address": "0x" + old_sect.virtual_address.toString(16).toUpperCase(), + "type": old_sect.section_type + } + + // Section flags: https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#Section_header + // 0x1 SHF_WRITE Writable + // 0x2 SHF_ALLOC Occupies memory during execution + // 0x4 SHF_EXECINSTR Executable + // 0x10 SHF_MERGE Might be merged + // 0x20 SHF_STRINGS Contains null-terminated strings + // 0x40 SHF_INFO_LINK 'sh_info' contains SHT index + // 0x80 SHF_LINK_ORDER Preserve order after combining + // 0x100 SHF_OS_NONCONFORMING Non-standard OS specific handling required + // 0x200 SHF_GROUP Section is member of a group + // 0x400 SHF_TLS Section hold thread-local data + // 0x0ff00000 SHF_MASKOS OS-specific + // 0xf0000000 SHF_MASKPROC Processor-specific + // 0x4000000 SHF_ORDERED Special ordering requirement (Solaris) + // 0x8000000 SHF_EXCLUDE Section is excluded unless referenced or allocated (Solaris) + var flag_lookup = { + "W": "WRITE", + "A": "ALLOC", + "X": "EXECINSTR", + "M": "MERGE", + "S": "STRINGS", + "I": "INFO_LINK", + "T": "TLS" + } + + console.debug("section flags[" + old_sect.flags.length + "]: \n" + old_sect.flags); + + var new_flags = []; + for (var j = 0; j < old_sect.flags.length; j++) { + + var flag = old_sect.flags[j]; + console.debug("flag[" + j + "]: " + flag[j]); + if (flag_lookup.hasOwnProperty(flag)) { + new_flags.push(flag_lookup[flag]); + } else { + new_flags.push(flag); + } + } + + if (new_flags.length > 0) { + new_sect["flags"] = new_flags; + } + + // Replace existing section + sections[i] = new_sect; + } + + evt.Delete("file.elf.sections"); + evt.Put("file.elf.sections", sections); + } + }; + + var normalizeSegments = function (evt) { + console.debug("vtELF.normalizeSegments"); + + // Input structure: + // [ { + // "resources": [ + // ".note.gnu.build-id", + // ".gnu.hash", + // ".dynsym", + // ".dynstr", + // ".gnu.version", + // ".gnu.version_r", + // ".rela.dyn", + // ".rela.plt", + // ".init", + // ".plt", + // ".plt.got", + // ".text", + // ".fini", + // ".rodata", + // ".eh_frame_hdr", + // ".eh_frame" + // ], + // "segment_type": "LOAD" + // }, + var segments = evt.Get("file.elf.segments"); + if (segments != null) { + var new_segments = Array(); + for (var i = 0; i < segments.length; i++) { + new_segments.push({ "type": segments[i].segment_type, "sections": segments[i].resources }) + + // IDEA: could perhaps loop through all sections in this segment to calculate physical address and size + } + + evt.Delete("file.elf.segments"); + evt.Put("file.elf.segments", new_segments); + } + // Desired output + // { + // "file_offset": "[keyword] Address in hex string of segment location", //# Not sure about this + // "flags": "[keyword] flags on segment, if present", + // "physical_address": "[keyword] Address as hex string of segment", + // "physical_size": "[long] Size of segment, in bytes", + // "sections": "[keyword] List of section names present in this segment", + // "type": "[keyword] Type of segment", + // "virtual_address": "[keyword]" + // } + }; + + var processMessage = new processor.Chain() + .Add(function (evt) { + normalizeImports(evt); + normalizeExports(evt); + normalizeSections(evt); + normalizeSegments(evt); + }) + .Build(); + + return { + process: function (evt) { + console.debug("vtELF.process()"); + processMessage.Run(evt); + } + } +})(); + +function process(evt) { + vtELF.process(evt); +} diff --git a/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-pe.js b/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-pe.js new file mode 100644 index 00000000000..e16ca026b50 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/config/virustotal-pe.js @@ -0,0 +1,151 @@ +// spellchecker: disable +var vtPE = (function () { + var processor = require("processor"); + var console = require("console"); + + var normalizeImports = function (evt) { + console.debug("vtPE.normalizeImports"); + + var imports = evt.Get("file.pe.imports"); + var normal_imports = Array(); + + if (imports != null) { + console.debug("imports[" + imports.length + "]: \n" + JSON.stringify(imports, undefined, 2)); + + /* The goal is to normalize import list to the following + * structure: + * { + * "name": "MY_SYMBOL", (keyword) + * "type": "function", (keyword, lowercased; normalized to function, object, notype, thread local symbol + * "library_name": "kernel32.dll" + * } + */ + var norm_imports = Array(); + for (var i = 0; i < imports.length; i++) { + var libname = imports[i].library_name; + for (var j = 0; j < imports[i].imported_functions.length; j++) { + norm_imports.push( + { + "name": imports[i].imported_functions[j], + "type": "function", + "library_name": libname + } + ); + } + } + + console.debug("normalized imports[" + norm_imports.length + "]: \n" + JSON.stringify(norm_imports, undefined, 2)); + evt.Delete("file.pe.imports"); + evt.Put("file.pe.imports", norm_imports); + } + }; + + var normalizeExports = function (evt) { + console.debug("vtPE.normalizeExports"); + + var exports = evt.Get("file.pe.exports"); + if (exports != null) { + console.debug("exports[" + exports.length + "]: \n" + + JSON.stringify(exports, undefined, 2)); + + /* The goal is to normalize export list to the following + * structure: + * { + * "name": "MY_SYMBOL", (keyword) + * "type": "function", (keyword, lowercased; normalized to function, object, notype, thread local symbol + * "library_name": "kernel32.dll" + * } + */ + var norm_exports = Array(); + for (var i = 0; i < exports.length; i++) { + norm_exports.push( + { + "name": exports[i], + "type": "function", + } + ); + } + + evt.Delete("file.pe.exports"); + evt.Put("file.pe.exports", norm_exports); + } + }; + + var normalizeSections = function (evt) { + console.debug("vtPE.normalizeSections"); + + var sections = evt.Get("file.pe.sections"); + + // original sections entry: [{ + // "chi2": 144106.34, + // "virtual_address": 8192, + // "entropy": 5.29, + // "name": ".text", + // "flags": "rx", + // "raw_size": 5632, + // "virtual_size": 5316, + // "md5": "9002a963c87901397a986c3333d09627" + // },...] + if (sections != null) { + console.debug("sections[" + sections.length + "]: \n" + + JSON.stringify(sections, undefined, 2)); + + // { + // name: "Name of code section", + // physical_offset: "[keyword] Offset of the section from the beginning of the segment, in hex", + // physical_size: "[long] Size of the code section in the file in bytes", + // virtual_address: "[keyword] relative virtual memory address when loaded", + // virtual_size: "[long] Size of the section in bytes when loaded into memory", + // flags: "[keyword] List of flag values as strings for this section", + // type: "[keyword] Section type as string, if applicable", + // segment_name: "[keyword] Name of segment for this section, if applicable", + // entropy: "[float] shannon entropy calculated from section content in bits per byte of information", + // chi2: "[float]" + // } + var normal_sections = Array(); + for (var i = 0; i < sections.length; i++) { + var norm_sect = { + "name": sections[i].name, + "physical_size": sections[i].raw_size, + "virtual_address": "0x" + sections[i].virtual_address.toString(16).toUpperCase(), + "virtual_size": sections[i].virtual_size, + "flags": sections[i].flags, + "entropy": sections[i].entropy, + "chi2": sections[i].chi2 + }; + + // Allow for different hashes in the future + var hashes = {}; + if (sections[i].hasOwnProperty("md5")) { + hashes["md5"] = sections[i].md5; + } + + if (hashes != {}) { + norm_sect["hash"] = hashes; + } + + normal_sections.push(norm_sect); + } + } + + }; + + var processMessage = new processor.Chain() + .Add(function (evt) { + normalizeImports(evt); + normalizeExports(evt); + // normalizeSections(evt); + }) + .Build(); + + return { + process: function (evt) { + processMessage.Run(evt); + } + } +})(); + +function process(evt) { + vtPE.process(evt); +} + diff --git a/x-pack/filebeat/module/virustotal/livehunt/elf.example.json b/x-pack/filebeat/module/virustotal/livehunt/elf.example.json new file mode 100644 index 00000000000..b42289eb684 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/elf.example.json @@ -0,0 +1,1130 @@ +{ + "agent": { + "name": "eBook", + "id": "e5d3e809-401f-4da8-bb38-629ac1bfc1de", + "type": "filebeat", + "ephemeral_id": "9d521278-e4c9-41b8-bd0a-9aa615b855a8", + "version": "8.0.0" + }, + "rule": { + "ruleset_id": "4895900794650624", + "name": "elf_64", + "ruleset": "ELF", + "match_in_subfile": false, + "tags": [ + "elf", + "amd64" + ] + }, + "fileset": { + "name": "livehunt" + }, + "input": { + "type": "httpjson" + }, + "@timestamp": "2020-10-28T02:20:29.000Z", + "file": { + "size": 14488, + "mime_type": "application/x-executable", + "name": [ + "nologin" + ], + "hash": { + "sha1": "6d363ad608ed781f594c7a4064527e0bd99d456c", + "sha256": "40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0", + "tlsh": "T1F6524009E766CE3FD9B8077884970F3031B8A844A3634723631C767D2E52794EB4A9DB", + "ssdeep": "96:R6oSTCmVB+BxDtumvc2kQ/8lLzMQMdoiV5mOpQbg4fx:RMjwPQ52ilLInoiWOyg", + "md5": "e0ac0bf8cb4f08cc8545be7a81bbd612" + }, + "elf": { + "number_program_headers": 11, + "flattened": { + "segment_list": [ + { + "resources": [], + "segment_type": "PHDR" + }, + { + "resources": [ + ".interp" + ], + "segment_type": "INTERP" + }, + { + "resources": [ + ".interp", + ".note.gnu.build-id", + ".note.ABI-tag", + ".gnu.hash", + ".dynsym", + ".dynstr", + ".gnu.version", + ".gnu.version_r", + ".rela.dyn", + ".rela.plt" + ], + "segment_type": "LOAD" + }, + { + "segment_type": "LOAD", + "resources": [ + ".init", + ".plt", + ".plt.got", + ".text", + ".fini" + ] + }, + { + "resources": [ + ".rodata", + ".eh_frame_hdr", + ".eh_frame" + ], + "segment_type": "LOAD" + }, + { + "resources": [ + ".init_array", + ".fini_array", + ".dynamic", + ".got", + ".data", + ".bss" + ], + "segment_type": "LOAD" + }, + { + "resources": [ + ".dynamic" + ], + "segment_type": "DYNAMIC" + }, + { + "resources": [ + ".note.gnu.build-id", + ".note.ABI-tag" + ], + "segment_type": "NOTE" + }, + { + "resources": [ + ".eh_frame_hdr" + ], + "segment_type": "GNU_EH_FRAME" + }, + { + "segment_type": "GNU_STACK", + "resources": [] + }, + { + "resources": [ + ".init_array", + ".fini_array", + ".dynamic", + ".got" + ], + "segment_type": "GNU_RELRO" + } + ] + }, + "number_section_headers": 28, + "imports": [ + { + "name": "getenv", + "type": "FUNC" + }, + { + "name": "closelog", + "type": "FUNC" + }, + { + "name": "_ITM_deregisterTMCloneTable", + "type": "NOTYPE" + }, + { + "name": "puts", + "type": "FUNC" + }, + { + "name": "getuid", + "type": "FUNC" + }, + { + "name": "__libc_start_main", + "type": "FUNC" + }, + { + "name": "__gmon_start__", + "type": "NOTYPE" + }, + { + "name": "getlogin", + "type": "FUNC" + }, + { + "name": "ttyname", + "type": "FUNC" + }, + { + "name": "__syslog_chk", + "type": "FUNC" + }, + { + "name": "openlog", + "type": "FUNC" + }, + { + "name": "_ITM_registerTMCloneTable", + "type": "NOTYPE" + }, + { + "name": "__cxa_finalize", + "type": "FUNC" + } + ], + "shared_libraries": [ + "libc.so.6" + ], + "header": { + "object_version": "0x1", + "data": "2's complement, little endian", + "machine": "Advanced Micro Devices X86-64", + "os_abi": "UNIX - System V", + "entrypoint": 4480, + "abi_version": 0, + "type": "DYN (Shared object file)", + "version": "1 (current)", + "class": "ELF64" + }, + "telfhash": "t12b90041fc07d014055d1f00000c0103500d5571c733fd7443fdc70717415001310154c", + "sections": [ + { + "section_type": "NULL", + "virtual_address": 0, + "size": 0, + "physical_offset": 0, + "flags": "", + "name": "" + }, + { + "section_type": "PROGBITS", + "virtual_address": 680, + "size": 28, + "physical_offset": 680, + "flags": "A", + "name": ".interp" + }, + { + "section_type": "NOTE", + "virtual_address": 708, + "size": 36, + "physical_offset": 708, + "flags": "A", + "name": ".note.gnu.build-id" + }, + { + "section_type": "NOTE", + "virtual_address": 744, + "size": 32, + "physical_offset": 744, + "flags": "A", + "name": ".note.ABI-tag" + }, + { + "section_type": "GNU_HASH", + "virtual_address": 776, + "size": 36, + "physical_offset": 776, + "flags": "A", + "name": ".gnu.hash" + }, + { + "section_type": "DYNSYM", + "virtual_address": 816, + "size": 336, + "physical_offset": 816, + "flags": "A", + "name": ".dynsym" + }, + { + "section_type": "STRTAB", + "virtual_address": 1152, + "size": 201, + "physical_offset": 1152, + "name": ".dynstr", + "flags": "A" + }, + { + "section_type": "VERSYM", + "virtual_address": 1354, + "size": 28, + "physical_offset": 1354, + "name": ".gnu.version", + "flags": "A" + }, + { + "section_type": "VERNEED", + "virtual_address": 1384, + "size": 48, + "physical_offset": 1384, + "flags": "A", + "name": ".gnu.version_r" + }, + { + "section_type": "RELA", + "virtual_address": 1432, + "size": 192, + "physical_offset": 1432, + "flags": "A", + "name": ".rela.dyn" + }, + { + "section_type": "RELA", + "virtual_address": 1624, + "size": 192, + "physical_offset": 1624, + "flags": "AI", + "name": ".rela.plt" + }, + { + "section_type": "PROGBITS", + "virtual_address": 4096, + "size": 23, + "physical_offset": 4096, + "flags": "AX", + "name": ".init" + }, + { + "section_type": "PROGBITS", + "virtual_address": 4128, + "size": 144, + "physical_offset": 4128, + "flags": "AX", + "name": ".plt" + }, + { + "section_type": "PROGBITS", + "virtual_address": 4272, + "size": 8, + "physical_offset": 4272, + "flags": "AX", + "name": ".plt.got" + }, + { + "section_type": "PROGBITS", + "virtual_address": 4288, + "size": 529, + "physical_offset": 4288, + "flags": "AX", + "name": ".text" + }, + { + "virtual_address": 4820, + "section_type": "PROGBITS", + "size": 9, + "physical_offset": 4820, + "flags": "AX", + "name": ".fini" + }, + { + "section_type": "PROGBITS", + "virtual_address": 8192, + "size": 153, + "physical_offset": 8192, + "flags": "A", + "name": ".rodata" + }, + { + "section_type": "PROGBITS", + "virtual_address": 8348, + "size": 60, + "physical_offset": 8348, + "flags": "A", + "name": ".eh_frame_hdr" + }, + { + "section_type": "PROGBITS", + "virtual_address": 8408, + "size": 304, + "physical_offset": 8408, + "flags": "A", + "name": ".eh_frame" + }, + { + "virtual_address": 15744, + "section_type": "INIT_ARRAY", + "size": 8, + "physical_offset": 11648, + "flags": "WA", + "name": ".init_array" + }, + { + "section_type": "FINI_ARRAY", + "virtual_address": 15752, + "size": 8, + "physical_offset": 11656, + "flags": "WA", + "name": ".fini_array" + }, + { + "virtual_address": 15760, + "section_type": "DYNAMIC", + "size": 496, + "physical_offset": 11664, + "flags": "WA", + "name": ".dynamic" + }, + { + "section_type": "PROGBITS", + "virtual_address": 16256, + "size": 128, + "physical_offset": 12160, + "flags": "WA", + "name": ".got" + }, + { + "section_type": "PROGBITS", + "virtual_address": 16384, + "size": 16, + "physical_offset": 12288, + "flags": "WA", + "name": ".data" + }, + { + "virtual_address": 16400, + "section_type": "NOBITS", + "size": 8, + "physical_offset": 12304, + "flags": "WA", + "name": ".bss" + }, + { + "section_type": "PROGBITS", + "virtual_address": 0, + "size": 69, + "physical_offset": 12304, + "flags": "", + "name": ".gnu_debugaltlink" + }, + { + "section_type": "PROGBITS", + "virtual_address": 0, + "size": 52, + "physical_offset": 12376, + "flags": "", + "name": ".gnu_debuglink" + }, + { + "section_type": "STRTAB", + "virtual_address": 0, + "size": 262, + "physical_offset": 12428, + "flags": "", + "name": ".shstrtab" + } + ] + } + }, + "ecs": { + "version": "1.6.0" + }, + "service": { + "type": "virustotal" + }, + "host": { + "name": "eBook" + }, + "virustotal": { + "type_tag": "elf", + "magic": "ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 3.2.0, stripped", + "downloadable": true, + "context_attributes": {}, + "exiftool": { + "file_type_extension": "so", + "mime_type": "application/octet-stream", + "cpu_byte_order": "Little endian", + "file_type": "ELF shared library", + "cpu_type": "AMD x86-64", + "object_file_type": "Shared object file", + "cpu_architecture": "64 bit" + }, + "community": { + "total_votes": { + "malicious": 0, + "harmless": 0 + }, + "reputation": 0 + }, + "analysis": { + "date": "2020-10-28T01:20:28.000Z", + "stats": { + "malicious": 0, + "type-unsupported": 12, + "failure": 0, + "undetected": 63, + "suspicious": 0, + "confirmed-timeout": 0, + "harmless": 0, + "timeout": 0 + }, + "results": [ + { + "result": null, + "method": "blacklist", + "engine_name": "Sangfor", + "engine_version": "1.0", + "category": "undetected", + "engine_update": "20201021" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Zoner", + "category": "undetected", + "engine_version": "0.0.0.0", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", + "category": "type-unsupported", + "engine_update": "20190527" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cylance", + "category": "type-unsupported", + "engine_version": "2.3.1.101", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "category": "undetected", + "engine_update": "20201026" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MicroWorld-eScan", + "category": "undetected", + "engine_version": "14.0.409.0", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AVG", + "category": "undetected", + "engine_version": "18.4.3895.0", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CMC", + "category": "undetected", + "engine_version": "2.7.2019.1", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ClamAV", + "engine_version": "0.102.3.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "K7GW", + "category": "undetected", + "engine_version": "11.147.35573", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TotalDefense", + "category": "undetected", + "engine_version": "37.1.62.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "VIPRE", + "category": "undetected", + "engine_version": "87760", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cybereason", + "category": "type-unsupported", + "engine_version": "1.2.449", + "engine_update": "20190616" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "DrWeb", + "engine_version": "7.0.49.9080", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MAX", + "category": "undetected", + "engine_version": "2019.9.16.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TACHYON", + "category": "undetected", + "engine_version": "2020-10-27.02", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TrendMicro-HouseCall", + "category": "undetected", + "engine_version": "10.0.0.1040", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Baidu", + "category": "undetected", + "engine_version": "1.0.0.2", + "engine_update": "20190318" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Comodo", + "category": "undetected", + "engine_version": "32936", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ESET-NOD32", + "category": "undetected", + "engine_version": "22222", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "McAfee", + "category": "undetected", + "engine_version": "6.0.6.653", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Acronis", + "category": "undetected", + "engine_version": "1.1.1.80", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AegisLab", + "engine_version": "4.2", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Arcabit", + "category": "undetected", + "engine_version": "1.0.0.881", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Fortinet", + "engine_version": "6.2.142.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TrendMicro", + "category": "undetected", + "engine_version": "11.0.0.1006", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avira", + "category": "undetected", + "engine_version": "8.3.3.8", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Invincea", + "category": "undetected", + "engine_version": "1.0.1.0", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "McAfee-GW-Edition", + "category": "undetected", + "engine_version": "v2019.1.2+3728", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "category": "undetected", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AhnLab-V3", + "category": "undetected", + "engine_version": "3.18.2.10046", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CAT-QuickHeal", + "engine_version": "14.00", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Yandex", + "category": "undetected", + "engine_version": "5.5.2.24", + "engine_update": "20201024" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + "category": "undetected", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CrowdStrike", + "category": "type-unsupported", + "engine_version": "1.0", + "engine_update": "20190702" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "F-Secure", + "engine_version": "12.0.86.52", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Ikarus", + "category": "undetected", + "engine_version": "0.1.5.2", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ALYac", + "category": "undetected", + "engine_version": "1.1.1.5", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Ad-Aware", + "category": "undetected", + "engine_version": "3.0.16.117", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avast", + "engine_version": "18.4.3895.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "BitDefender", + "category": "undetected", + "engine_version": "7.2", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "NANO-Antivirus", + "engine_version": "1.0.146.25233", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SymantecMobileInsight", + "category": "type-unsupported", + "engine_version": "2.0", + "engine_update": "20200813" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Jiangmin", + "engine_version": "16.0.100", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "K7AntiVirus", + "category": "undetected", + "engine_version": "11.147.35573", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Kaspersky", + "engine_version": "15.0.1.13", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Kingsoft", + "category": "undetected", + "engine_version": "2013.8.14.323", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ZoneAlarm", + "category": "undetected", + "engine_version": "1.0", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Paloalto", + "engine_version": "1.0", + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Panda", + "category": "undetected", + "engine_version": "4.6.4.2", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Tencent", + "category": "undetected", + "engine_version": "1.0.0.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "VBA32", + "engine_version": "4.4.1", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Bkav", + "category": "undetected", + "engine_version": "1.3.0.9899", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Microsoft", + "category": "undetected", + "engine_version": "1.1.17500.4", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Qihoo-360", + "category": "undetected", + "engine_version": "1.0.0.1120", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Antiy-AVL", + "category": "undetected", + "engine_version": "3.0.0.1", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SentinelOne", + "engine_version": "4.5.0.1", + "category": "undetected", + "engine_update": "20201008" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Sophos", + "engine_version": "4.98.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ViRobot", + "category": "undetected", + "engine_version": "2014.3.20.0", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Zillya", + "engine_version": "2.0.0.4208", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "APEX", + "engine_version": "6.89", + "category": "type-unsupported", + "engine_update": "20201025" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cynet", + "category": "undetected", + "engine_version": "4.0.0.24", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Elastic", + "category": "type-unsupported", + "engine_version": "4.0.11", + "engine_update": "20201012" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Rising", + "category": "undetected", + "engine_version": "25.0.0.26", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "GData", + "engine_version": "A:25.27515B:27.20674", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Malwarebytes", + "engine_version": "3.6.4.335", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Symantec", + "engine_version": "1.13.0.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Trapmine", + "category": "type-unsupported", + "engine_version": "3.5.0.1023", + "engine_update": "20200727" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "eGambit", + "engine_version": null, + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Trustlook", + "category": "type-unsupported", + "engine_version": "1.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avast-Mobile", + "category": "undetected", + "engine_version": "201027-00", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cyren", + "category": "undetected", + "engine_version": "6.3.0.2", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Emsisoft", + "category": "undetected", + "engine_version": "2018.12.0.1641", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "FireEye", + "category": "undetected", + "engine_version": "32.36.1.0", + "engine_update": "20201027" + } + ] + }, + "tags": [ + "64bits", + "elf", + "shared-lib" + ], + "trid": [ + { + "file_type": "ELF Executable and Linkable format (Linux)", + "probability": 50.1 + }, + { + "file_type": "ELF Executable and Linkable format (generic)", + "probability": 49.8 + } + ], + "notification": { + "date": "2020-10-28T02:20:29.000Z", + "snippet": "", + "tags": [ + "elf_64", + "elf", + "amd64", + "40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0" + ] + }, + "attributes": {}, + "submission": { + "submission_count": 1, + "first_submitted": "2020-10-28T01:20:28.000Z", + "source": { + "geo": { + "country_iso_code": "US" + }, + "key": "7701080b" + }, + "last_submitted": "2020-10-28T01:20:28.000Z", + "unique_sources": 1 + }, + "id": "40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0", + "last_modified": "2020-10-28T03:21:18.000Z", + "hash": { + "vhash": "7c6d2998312f316414c3a61297609069" + }, + "type_description": "ELF" + }, + "event": { + "reference": "https://www.virustotal.com/gui/file/40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0", + "ingested": "2020-10-28T14:21:10.046437363Z", + "original": "{\"attributes\":{\"downloadable\":true,\"elf_info\":{\"header\":{\"abi_version\":0,\"class\":\"ELF64\",\"data\":\"2's complement, little endian\",\"entrypoint\":4480,\"hdr_version\":\"1 (current)\",\"machine\":\"Advanced Micro Devices X86-64\",\"num_prog_headers\":11,\"num_section_headers\":28,\"obj_version\":\"0x1\",\"os_abi\":\"UNIX - System V\",\"type\":\"DYN (Shared object file)\"},\"import_list\":[{\"name\":\"getenv\",\"type\":\"FUNC\"},{\"name\":\"closelog\",\"type\":\"FUNC\"},{\"name\":\"_ITM_deregisterTMCloneTable\",\"type\":\"NOTYPE\"},{\"name\":\"puts\",\"type\":\"FUNC\"},{\"name\":\"getuid\",\"type\":\"FUNC\"},{\"name\":\"__libc_start_main\",\"type\":\"FUNC\"},{\"name\":\"__gmon_start__\",\"type\":\"NOTYPE\"},{\"name\":\"getlogin\",\"type\":\"FUNC\"},{\"name\":\"ttyname\",\"type\":\"FUNC\"},{\"name\":\"__syslog_chk\",\"type\":\"FUNC\"},{\"name\":\"openlog\",\"type\":\"FUNC\"},{\"name\":\"_ITM_registerTMCloneTable\",\"type\":\"NOTYPE\"},{\"name\":\"__cxa_finalize\",\"type\":\"FUNC\"}],\"section_list\":[{\"flags\":\"\",\"name\":\"\",\"phisical_offset\":0,\"section_type\":\"NULL\",\"size\":0,\"virtual_address\":0},{\"flags\":\"A\",\"name\":\".interp\",\"phisical_offset\":680,\"section_type\":\"PROGBITS\",\"size\":28,\"virtual_address\":680},{\"flags\":\"A\",\"name\":\".note.gnu.build-id\",\"phisical_offset\":708,\"section_type\":\"NOTE\",\"size\":36,\"virtual_address\":708},{\"flags\":\"A\",\"name\":\".note.ABI-tag\",\"phisical_offset\":744,\"section_type\":\"NOTE\",\"size\":32,\"virtual_address\":744},{\"flags\":\"A\",\"name\":\".gnu.hash\",\"phisical_offset\":776,\"section_type\":\"GNU_HASH\",\"size\":36,\"virtual_address\":776},{\"flags\":\"A\",\"name\":\".dynsym\",\"phisical_offset\":816,\"section_type\":\"DYNSYM\",\"size\":336,\"virtual_address\":816},{\"flags\":\"A\",\"name\":\".dynstr\",\"phisical_offset\":1152,\"section_type\":\"STRTAB\",\"size\":201,\"virtual_address\":1152},{\"flags\":\"A\",\"name\":\".gnu.version\",\"phisical_offset\":1354,\"section_type\":\"VERSYM\",\"size\":28,\"virtual_address\":1354},{\"flags\":\"A\",\"name\":\".gnu.version_r\",\"phisical_offset\":1384,\"section_type\":\"VERNEED\",\"size\":48,\"virtual_address\":1384},{\"flags\":\"A\",\"name\":\".rela.dyn\",\"phisical_offset\":1432,\"section_type\":\"RELA\",\"size\":192,\"virtual_address\":1432},{\"flags\":\"AI\",\"name\":\".rela.plt\",\"phisical_offset\":1624,\"section_type\":\"RELA\",\"size\":192,\"virtual_address\":1624},{\"flags\":\"AX\",\"name\":\".init\",\"phisical_offset\":4096,\"section_type\":\"PROGBITS\",\"size\":23,\"virtual_address\":4096},{\"flags\":\"AX\",\"name\":\".plt\",\"phisical_offset\":4128,\"section_type\":\"PROGBITS\",\"size\":144,\"virtual_address\":4128},{\"flags\":\"AX\",\"name\":\".plt.got\",\"phisical_offset\":4272,\"section_type\":\"PROGBITS\",\"size\":8,\"virtual_address\":4272},{\"flags\":\"AX\",\"name\":\".text\",\"phisical_offset\":4288,\"section_type\":\"PROGBITS\",\"size\":529,\"virtual_address\":4288},{\"flags\":\"AX\",\"name\":\".fini\",\"phisical_offset\":4820,\"section_type\":\"PROGBITS\",\"size\":9,\"virtual_address\":4820},{\"flags\":\"A\",\"name\":\".rodata\",\"phisical_offset\":8192,\"section_type\":\"PROGBITS\",\"size\":153,\"virtual_address\":8192},{\"flags\":\"A\",\"name\":\".eh_frame_hdr\",\"phisical_offset\":8348,\"section_type\":\"PROGBITS\",\"size\":60,\"virtual_address\":8348},{\"flags\":\"A\",\"name\":\".eh_frame\",\"phisical_offset\":8408,\"section_type\":\"PROGBITS\",\"size\":304,\"virtual_address\":8408},{\"flags\":\"WA\",\"name\":\".init_array\",\"phisical_offset\":11648,\"section_type\":\"INIT_ARRAY\",\"size\":8,\"virtual_address\":15744},{\"flags\":\"WA\",\"name\":\".fini_array\",\"phisical_offset\":11656,\"section_type\":\"FINI_ARRAY\",\"size\":8,\"virtual_address\":15752},{\"flags\":\"WA\",\"name\":\".dynamic\",\"phisical_offset\":11664,\"section_type\":\"DYNAMIC\",\"size\":496,\"virtual_address\":15760},{\"flags\":\"WA\",\"name\":\".got\",\"phisical_offset\":12160,\"section_type\":\"PROGBITS\",\"size\":128,\"virtual_address\":16256},{\"flags\":\"WA\",\"name\":\".data\",\"phisical_offset\":12288,\"section_type\":\"PROGBITS\",\"size\":16,\"virtual_address\":16384},{\"flags\":\"WA\",\"name\":\".bss\",\"phisical_offset\":12304,\"section_type\":\"NOBITS\",\"size\":8,\"virtual_address\":16400},{\"flags\":\"\",\"name\":\".gnu_debugaltlink\",\"phisical_offset\":12304,\"section_type\":\"PROGBITS\",\"size\":69,\"virtual_address\":0},{\"flags\":\"\",\"name\":\".gnu_debuglink\",\"phisical_offset\":12376,\"section_type\":\"PROGBITS\",\"size\":52,\"virtual_address\":0},{\"flags\":\"\",\"name\":\".shstrtab\",\"phisical_offset\":12428,\"section_type\":\"STRTAB\",\"size\":262,\"virtual_address\":0}],\"segment_list\":[{\"resources\":[],\"segment_type\":\"PHDR\"},{\"resources\":[\".interp\"],\"segment_type\":\"INTERP\"},{\"resources\":[\".interp\",\".note.gnu.build-id\",\".note.ABI-tag\",\".gnu.hash\",\".dynsym\",\".dynstr\",\".gnu.version\",\".gnu.version_r\",\".rela.dyn\",\".rela.plt\"],\"segment_type\":\"LOAD\"},{\"resources\":[\".init\",\".plt\",\".plt.got\",\".text\",\".fini\"],\"segment_type\":\"LOAD\"},{\"resources\":[\".rodata\",\".eh_frame_hdr\",\".eh_frame\"],\"segment_type\":\"LOAD\"},{\"resources\":[\".init_array\",\".fini_array\",\".dynamic\",\".got\",\".data\",\".bss\"],\"segment_type\":\"LOAD\"},{\"resources\":[\".dynamic\"],\"segment_type\":\"DYNAMIC\"},{\"resources\":[\".note.gnu.build-id\",\".note.ABI-tag\"],\"segment_type\":\"NOTE\"},{\"resources\":[\".eh_frame_hdr\"],\"segment_type\":\"GNU_EH_FRAME\"},{\"resources\":[],\"segment_type\":\"GNU_STACK\"},{\"resources\":[\".init_array\",\".fini_array\",\".dynamic\",\".got\"],\"segment_type\":\"GNU_RELRO\"}],\"shared_libraries\":[\"libc.so.6\"]},\"exiftool\":{\"CPUArchitecture\":\"64 bit\",\"CPUByteOrder\":\"Little endian\",\"CPUType\":\"AMD x86-64\",\"FileType\":\"ELF shared library\",\"FileTypeExtension\":\"so\",\"MIMEType\":\"application/octet-stream\",\"ObjectFileType\":\"Shared object file\"},\"first_submission_date\":1603848028,\"last_analysis_date\":1603848028,\"last_analysis_results\":{\"ALYac\":{\"category\":\"undetected\",\"engine_name\":\"ALYac\",\"engine_update\":\"20201027\",\"engine_version\":\"1.1.1.5\",\"method\":\"blacklist\",\"result\":null},\"APEX\":{\"category\":\"type-unsupported\",\"engine_name\":\"APEX\",\"engine_update\":\"20201025\",\"engine_version\":\"6.89\",\"method\":\"blacklist\",\"result\":null},\"AVG\":{\"category\":\"undetected\",\"engine_name\":\"AVG\",\"engine_update\":\"20201027\",\"engine_version\":\"18.4.3895.0\",\"method\":\"blacklist\",\"result\":null},\"Acronis\":{\"category\":\"undetected\",\"engine_name\":\"Acronis\",\"engine_update\":\"20201023\",\"engine_version\":\"1.1.1.80\",\"method\":\"blacklist\",\"result\":null},\"Ad-Aware\":{\"category\":\"undetected\",\"engine_name\":\"Ad-Aware\",\"engine_update\":\"20201028\",\"engine_version\":\"3.0.16.117\",\"method\":\"blacklist\",\"result\":null},\"AegisLab\":{\"category\":\"undetected\",\"engine_name\":\"AegisLab\",\"engine_update\":\"20201027\",\"engine_version\":\"4.2\",\"method\":\"blacklist\",\"result\":null},\"AhnLab-V3\":{\"category\":\"undetected\",\"engine_name\":\"AhnLab-V3\",\"engine_update\":\"20201027\",\"engine_version\":\"3.18.2.10046\",\"method\":\"blacklist\",\"result\":null},\"Alibaba\":{\"category\":\"type-unsupported\",\"engine_name\":\"Alibaba\",\"engine_update\":\"20190527\",\"engine_version\":\"0.3.0.5\",\"method\":\"blacklist\",\"result\":null},\"Antiy-AVL\":{\"category\":\"undetected\",\"engine_name\":\"Antiy-AVL\",\"engine_update\":\"20201027\",\"engine_version\":\"3.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"Arcabit\":{\"category\":\"undetected\",\"engine_name\":\"Arcabit\",\"engine_update\":\"20201027\",\"engine_version\":\"1.0.0.881\",\"method\":\"blacklist\",\"result\":null},\"Avast\":{\"category\":\"undetected\",\"engine_name\":\"Avast\",\"engine_update\":\"20201027\",\"engine_version\":\"18.4.3895.0\",\"method\":\"blacklist\",\"result\":null},\"Avast-Mobile\":{\"category\":\"undetected\",\"engine_name\":\"Avast-Mobile\",\"engine_update\":\"20201027\",\"engine_version\":\"201027-00\",\"method\":\"blacklist\",\"result\":null},\"Avira\":{\"category\":\"undetected\",\"engine_name\":\"Avira\",\"engine_update\":\"20201027\",\"engine_version\":\"8.3.3.8\",\"method\":\"blacklist\",\"result\":null},\"Baidu\":{\"category\":\"undetected\",\"engine_name\":\"Baidu\",\"engine_update\":\"20190318\",\"engine_version\":\"1.0.0.2\",\"method\":\"blacklist\",\"result\":null},\"BitDefender\":{\"category\":\"undetected\",\"engine_name\":\"BitDefender\",\"engine_update\":\"20201028\",\"engine_version\":\"7.2\",\"method\":\"blacklist\",\"result\":null},\"BitDefenderTheta\":{\"category\":\"undetected\",\"engine_name\":\"BitDefenderTheta\",\"engine_update\":\"20201023\",\"engine_version\":\"7.2.37796.0\",\"method\":\"blacklist\",\"result\":null},\"Bkav\":{\"category\":\"undetected\",\"engine_name\":\"Bkav\",\"engine_update\":\"20201027\",\"engine_version\":\"1.3.0.9899\",\"method\":\"blacklist\",\"result\":null},\"CAT-QuickHeal\":{\"category\":\"undetected\",\"engine_name\":\"CAT-QuickHeal\",\"engine_update\":\"20201027\",\"engine_version\":\"14.00\",\"method\":\"blacklist\",\"result\":null},\"CMC\":{\"category\":\"undetected\",\"engine_name\":\"CMC\",\"engine_update\":\"20201027\",\"engine_version\":\"2.7.2019.1\",\"method\":\"blacklist\",\"result\":null},\"ClamAV\":{\"category\":\"undetected\",\"engine_name\":\"ClamAV\",\"engine_update\":\"20201027\",\"engine_version\":\"0.102.3.0\",\"method\":\"blacklist\",\"result\":null},\"Comodo\":{\"category\":\"undetected\",\"engine_name\":\"Comodo\",\"engine_update\":\"20201027\",\"engine_version\":\"32936\",\"method\":\"blacklist\",\"result\":null},\"CrowdStrike\":{\"category\":\"type-unsupported\",\"engine_name\":\"CrowdStrike\",\"engine_update\":\"20190702\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Cybereason\":{\"category\":\"type-unsupported\",\"engine_name\":\"Cybereason\",\"engine_update\":\"20190616\",\"engine_version\":\"1.2.449\",\"method\":\"blacklist\",\"result\":null},\"Cylance\":{\"category\":\"type-unsupported\",\"engine_name\":\"Cylance\",\"engine_update\":\"20201028\",\"engine_version\":\"2.3.1.101\",\"method\":\"blacklist\",\"result\":null},\"Cynet\":{\"category\":\"undetected\",\"engine_name\":\"Cynet\",\"engine_update\":\"20201027\",\"engine_version\":\"4.0.0.24\",\"method\":\"blacklist\",\"result\":null},\"Cyren\":{\"category\":\"undetected\",\"engine_name\":\"Cyren\",\"engine_update\":\"20201027\",\"engine_version\":\"6.3.0.2\",\"method\":\"blacklist\",\"result\":null},\"DrWeb\":{\"category\":\"undetected\",\"engine_name\":\"DrWeb\",\"engine_update\":\"20201028\",\"engine_version\":\"7.0.49.9080\",\"method\":\"blacklist\",\"result\":null},\"ESET-NOD32\":{\"category\":\"undetected\",\"engine_name\":\"ESET-NOD32\",\"engine_update\":\"20201027\",\"engine_version\":\"22222\",\"method\":\"blacklist\",\"result\":null},\"Elastic\":{\"category\":\"type-unsupported\",\"engine_name\":\"Elastic\",\"engine_update\":\"20201012\",\"engine_version\":\"4.0.11\",\"method\":\"blacklist\",\"result\":null},\"Emsisoft\":{\"category\":\"undetected\",\"engine_name\":\"Emsisoft\",\"engine_update\":\"20201027\",\"engine_version\":\"2018.12.0.1641\",\"method\":\"blacklist\",\"result\":null},\"F-Secure\":{\"category\":\"undetected\",\"engine_name\":\"F-Secure\",\"engine_update\":\"20201028\",\"engine_version\":\"12.0.86.52\",\"method\":\"blacklist\",\"result\":null},\"FireEye\":{\"category\":\"undetected\",\"engine_name\":\"FireEye\",\"engine_update\":\"20201027\",\"engine_version\":\"32.36.1.0\",\"method\":\"blacklist\",\"result\":null},\"Fortinet\":{\"category\":\"undetected\",\"engine_name\":\"Fortinet\",\"engine_update\":\"20201027\",\"engine_version\":\"6.2.142.0\",\"method\":\"blacklist\",\"result\":null},\"GData\":{\"category\":\"undetected\",\"engine_name\":\"GData\",\"engine_update\":\"20201027\",\"engine_version\":\"A:25.27515B:27.20674\",\"method\":\"blacklist\",\"result\":null},\"Ikarus\":{\"category\":\"undetected\",\"engine_name\":\"Ikarus\",\"engine_update\":\"20201027\",\"engine_version\":\"0.1.5.2\",\"method\":\"blacklist\",\"result\":null},\"Invincea\":{\"category\":\"undetected\",\"engine_name\":\"Invincea\",\"engine_update\":\"20201027\",\"engine_version\":\"1.0.1.0\",\"method\":\"blacklist\",\"result\":null},\"Jiangmin\":{\"category\":\"undetected\",\"engine_name\":\"Jiangmin\",\"engine_update\":\"20201027\",\"engine_version\":\"16.0.100\",\"method\":\"blacklist\",\"result\":null},\"K7AntiVirus\":{\"category\":\"undetected\",\"engine_name\":\"K7AntiVirus\",\"engine_update\":\"20201027\",\"engine_version\":\"11.147.35573\",\"method\":\"blacklist\",\"result\":null},\"K7GW\":{\"category\":\"undetected\",\"engine_name\":\"K7GW\",\"engine_update\":\"20201027\",\"engine_version\":\"11.147.35573\",\"method\":\"blacklist\",\"result\":null},\"Kaspersky\":{\"category\":\"undetected\",\"engine_name\":\"Kaspersky\",\"engine_update\":\"20201028\",\"engine_version\":\"15.0.1.13\",\"method\":\"blacklist\",\"result\":null},\"Kingsoft\":{\"category\":\"undetected\",\"engine_name\":\"Kingsoft\",\"engine_update\":\"20201028\",\"engine_version\":\"2013.8.14.323\",\"method\":\"blacklist\",\"result\":null},\"MAX\":{\"category\":\"undetected\",\"engine_name\":\"MAX\",\"engine_update\":\"20201028\",\"engine_version\":\"2019.9.16.1\",\"method\":\"blacklist\",\"result\":null},\"Malwarebytes\":{\"category\":\"undetected\",\"engine_name\":\"Malwarebytes\",\"engine_update\":\"20201028\",\"engine_version\":\"3.6.4.335\",\"method\":\"blacklist\",\"result\":null},\"MaxSecure\":{\"category\":\"undetected\",\"engine_name\":\"MaxSecure\",\"engine_update\":\"20201026\",\"engine_version\":\"1.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"McAfee\":{\"category\":\"undetected\",\"engine_name\":\"McAfee\",\"engine_update\":\"20201028\",\"engine_version\":\"6.0.6.653\",\"method\":\"blacklist\",\"result\":null},\"McAfee-GW-Edition\":{\"category\":\"undetected\",\"engine_name\":\"McAfee-GW-Edition\",\"engine_update\":\"20201027\",\"engine_version\":\"v2019.1.2+3728\",\"method\":\"blacklist\",\"result\":null},\"MicroWorld-eScan\":{\"category\":\"undetected\",\"engine_name\":\"MicroWorld-eScan\",\"engine_update\":\"20201027\",\"engine_version\":\"14.0.409.0\",\"method\":\"blacklist\",\"result\":null},\"Microsoft\":{\"category\":\"undetected\",\"engine_name\":\"Microsoft\",\"engine_update\":\"20201027\",\"engine_version\":\"1.1.17500.4\",\"method\":\"blacklist\",\"result\":null},\"NANO-Antivirus\":{\"category\":\"undetected\",\"engine_name\":\"NANO-Antivirus\",\"engine_update\":\"20201027\",\"engine_version\":\"1.0.146.25233\",\"method\":\"blacklist\",\"result\":null},\"Paloalto\":{\"category\":\"type-unsupported\",\"engine_name\":\"Paloalto\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Panda\":{\"category\":\"undetected\",\"engine_name\":\"Panda\",\"engine_update\":\"20201027\",\"engine_version\":\"4.6.4.2\",\"method\":\"blacklist\",\"result\":null},\"Qihoo-360\":{\"category\":\"undetected\",\"engine_name\":\"Qihoo-360\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1120\",\"method\":\"blacklist\",\"result\":null},\"Rising\":{\"category\":\"undetected\",\"engine_name\":\"Rising\",\"engine_update\":\"20201027\",\"engine_version\":\"25.0.0.26\",\"method\":\"blacklist\",\"result\":null},\"SUPERAntiSpyware\":{\"category\":\"undetected\",\"engine_name\":\"SUPERAntiSpyware\",\"engine_update\":\"20201023\",\"engine_version\":\"5.6.0.1032\",\"method\":\"blacklist\",\"result\":null},\"Sangfor\":{\"category\":\"undetected\",\"engine_name\":\"Sangfor\",\"engine_update\":\"20201021\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"SentinelOne\":{\"category\":\"undetected\",\"engine_name\":\"SentinelOne\",\"engine_update\":\"20201008\",\"engine_version\":\"4.5.0.1\",\"method\":\"blacklist\",\"result\":null},\"Sophos\":{\"category\":\"undetected\",\"engine_name\":\"Sophos\",\"engine_update\":\"20201027\",\"engine_version\":\"4.98.0\",\"method\":\"blacklist\",\"result\":null},\"Symantec\":{\"category\":\"undetected\",\"engine_name\":\"Symantec\",\"engine_update\":\"20201027\",\"engine_version\":\"1.13.0.0\",\"method\":\"blacklist\",\"result\":null},\"SymantecMobileInsight\":{\"category\":\"type-unsupported\",\"engine_name\":\"SymantecMobileInsight\",\"engine_update\":\"20200813\",\"engine_version\":\"2.0\",\"method\":\"blacklist\",\"result\":null},\"TACHYON\":{\"category\":\"undetected\",\"engine_name\":\"TACHYON\",\"engine_update\":\"20201027\",\"engine_version\":\"2020-10-27.02\",\"method\":\"blacklist\",\"result\":null},\"Tencent\":{\"category\":\"undetected\",\"engine_name\":\"Tencent\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"TotalDefense\":{\"category\":\"undetected\",\"engine_name\":\"TotalDefense\",\"engine_update\":\"20201028\",\"engine_version\":\"37.1.62.1\",\"method\":\"blacklist\",\"result\":null},\"Trapmine\":{\"category\":\"type-unsupported\",\"engine_name\":\"Trapmine\",\"engine_update\":\"20200727\",\"engine_version\":\"3.5.0.1023\",\"method\":\"blacklist\",\"result\":null},\"TrendMicro\":{\"category\":\"undetected\",\"engine_name\":\"TrendMicro\",\"engine_update\":\"20201027\",\"engine_version\":\"11.0.0.1006\",\"method\":\"blacklist\",\"result\":null},\"TrendMicro-HouseCall\":{\"category\":\"undetected\",\"engine_name\":\"TrendMicro-HouseCall\",\"engine_update\":\"20201027\",\"engine_version\":\"10.0.0.1040\",\"method\":\"blacklist\",\"result\":null},\"Trustlook\":{\"category\":\"type-unsupported\",\"engine_name\":\"Trustlook\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"VBA32\":{\"category\":\"undetected\",\"engine_name\":\"VBA32\",\"engine_update\":\"20201027\",\"engine_version\":\"4.4.1\",\"method\":\"blacklist\",\"result\":null},\"VIPRE\":{\"category\":\"undetected\",\"engine_name\":\"VIPRE\",\"engine_update\":\"20201028\",\"engine_version\":\"87760\",\"method\":\"blacklist\",\"result\":null},\"ViRobot\":{\"category\":\"undetected\",\"engine_name\":\"ViRobot\",\"engine_update\":\"20201027\",\"engine_version\":\"2014.3.20.0\",\"method\":\"blacklist\",\"result\":null},\"Webroot\":{\"category\":\"type-unsupported\",\"engine_name\":\"Webroot\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.403\",\"method\":\"blacklist\",\"result\":null},\"Yandex\":{\"category\":\"undetected\",\"engine_name\":\"Yandex\",\"engine_update\":\"20201024\",\"engine_version\":\"5.5.2.24\",\"method\":\"blacklist\",\"result\":null},\"Zillya\":{\"category\":\"undetected\",\"engine_name\":\"Zillya\",\"engine_update\":\"20201027\",\"engine_version\":\"2.0.0.4208\",\"method\":\"blacklist\",\"result\":null},\"ZoneAlarm\":{\"category\":\"undetected\",\"engine_name\":\"ZoneAlarm\",\"engine_update\":\"20201027\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Zoner\":{\"category\":\"undetected\",\"engine_name\":\"Zoner\",\"engine_update\":\"20201027\",\"engine_version\":\"0.0.0.0\",\"method\":\"blacklist\",\"result\":null},\"eGambit\":{\"category\":\"type-unsupported\",\"engine_name\":\"eGambit\",\"engine_update\":\"20201028\",\"engine_version\":null,\"method\":\"blacklist\",\"result\":null}},\"last_analysis_stats\":{\"confirmed-timeout\":0,\"failure\":0,\"harmless\":0,\"malicious\":0,\"suspicious\":0,\"timeout\":0,\"type-unsupported\":12,\"undetected\":63},\"last_modification_date\":1603855278,\"last_submission_date\":1603848028,\"magic\":\"ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 3.2.0, stripped\",\"md5\":\"e0ac0bf8cb4f08cc8545be7a81bbd612\",\"meaningful_name\":\"nologin\",\"names\":[\"nologin\"],\"reputation\":0,\"sha1\":\"6d363ad608ed781f594c7a4064527e0bd99d456c\",\"sha256\":\"40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0\",\"size\":14488,\"ssdeep\":\"96:R6oSTCmVB+BxDtumvc2kQ/8lLzMQMdoiV5mOpQbg4fx:RMjwPQ52ilLInoiWOyg\",\"tags\":[\"64bits\",\"elf\",\"shared-lib\"],\"telfhash\":\"t12b90041fc07d014055d1f00000c0103500d5571c733fd7443fdc70717415001310154c\",\"times_submitted\":1,\"tlsh\":\"T1F6524009E766CE3FD9B8077884970F3031B8A844A3634723631C767D2E52794EB4A9DB\",\"total_votes\":{\"harmless\":0,\"malicious\":0},\"trid\":[{\"file_type\":\"ELF Executable and Linkable format (Linux)\",\"probability\":50.1},{\"file_type\":\"ELF Executable and Linkable format (generic)\",\"probability\":49.8}],\"type_description\":\"ELF\",\"type_tag\":\"elf\",\"unique_sources\":1,\"vhash\":\"7c6d2998312f316414c3a61297609069\"},\"context_attributes\":{\"match_in_subfile\":false,\"notification_date\":1603851629,\"notification_id\":\"1672592021568177-4895900794650624-d6b0cadbcc335e75d43b89d9b119e0a7\",\"notification_snippet\":\"\",\"notification_source_country\":\"US\",\"notification_source_key\":\"7701080b\",\"notification_tags\":[\"elf_64\",\"elf\",\"amd64\",\"40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0\"],\"rule_name\":\"elf_64\",\"rule_tags\":[\"elf\",\"amd64\"],\"ruleset_id\":\"4895900794650624\",\"ruleset_name\":\"ELF\"},\"id\":\"40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0\",\"links\":{\"self\":\"https://www.virustotal.com/api/v3/files/40b3e71d713e7c755c0316a1baa566d09eedb78543e0459ef3cb9eeffb9992b0\"},\"type\":\"file\"}", + "kind": "alert", + "created": "2020-10-28T14:21:07.768Z", + "module": "virustotal", + "category": "file", + "type": "info", + "dataset": "virustotal.livehunt" + } +} diff --git a/x-pack/filebeat/module/virustotal/livehunt/ingest/pipeline.yml b/x-pack/filebeat/module/virustotal/livehunt/ingest/pipeline.yml new file mode 100644 index 00000000000..58358d073ef --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/ingest/pipeline.yml @@ -0,0 +1,78 @@ +# spellchecker: disable +description: Pipeline for normalizing VirusTotal Live Hunt notifications +processors: +- set: + field: event.ingested + value: '{{_ingest.timestamp}}' +- set: + field: event.created + value: '{{@timestamp}}' + +- date: + field: virustotal.notification.date + formats: + - UNIX + +- date: + field: virustotal.notification.date + target_field: virustotal.notification.date + formats: + - UNIX + +- date: + field: virustotal.analysis.date + target_field: virustotal.analysis.date + formats: + - UNIX + +- date: + field: file.pe.creation_date + target_field: file.pe.creation_date + ignore_failure: True + formats: + - UNIX + +- date: + field: file.elf.creation_date + target_field: file.elf.creation_date + ignore_failure: True + formats: + - UNIX + +- date: + field: virustotal.submission.first_submitted + target_field: virustotal.submission.first_submitted + formats: + - UNIX + +- date: + field: virustotal.submission.last_submitted + target_field: virustotal.submission.last_submitted + formats: + - UNIX + +- date: + field: virustotal.last_modified + target_field: virustotal.last_modified + formats: + - UNIX + +- date: + field: file.pe.compile_timestamp + target_field: file.pe.compile_timestamp + ignore_failure: True + formats: + - UNIX + +- date: + field: virustotal.analysis.results.engine_update + ignore_failure: True + formats: + - yyyyMMdd + +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' + + diff --git a/x-pack/filebeat/module/virustotal/livehunt/macho.example.json b/x-pack/filebeat/module/virustotal/livehunt/macho.example.json new file mode 100644 index 00000000000..468ea21ca76 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/macho.example.json @@ -0,0 +1,975 @@ +{ + "agent": { + "name": "eBook", + "id": "e5d3e809-401f-4da8-bb38-629ac1bfc1de", + "ephemeral_id": "9d521278-e4c9-41b8-bd0a-9aa615b855a8", + "type": "filebeat", + "version": "8.0.0" + }, + "rule": { + "ruleset_id": "5192592417652736", + "name": "macho", + "ruleset": "macho", + "match_in_subfile": false, + "tags": [ + "noise" + ] + }, + "fileset": { + "name": "livehunt" + }, + "input": { + "type": "httpjson" + }, + "@timestamp": "2020-10-28T16:10:34.000Z", + "file": { + "size": 81408, + "mime_type": "application/x-mach-o-executable", + "name": [ + "HandBrakeXPCService3" + ], + "hash": { + "sha1": "be99bc06c676157b9216cd1128c3026a67f88190", + "sha256": "501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de", + "tlsh": "T14783E719EB4009EBC19EC135492B47052318E3191A2D7B6F52D3D2A86FF5FEA5F20F86", + "ssdeep": "768:IkBMI4Q/lFFigUp0ZrYKi0v+5uRU3RdMvfECin3BAVdAnM5MIqyA+o85dyA3:IkBEQNFFiEiU0BAVdAnM5Mx+o853", + "md5": "bc78a533a6445df15622f38198604d74" + } + }, + "ecs": { + "version": "1.6.0" + }, + "service": { + "type": "virustotal" + }, + "host": { + "name": "eBook" + }, + "virustotal": { + "magic": "Mach-O 64-bit executable", + "type_tag": "macho", + "downloadable": true, + "context_attributes": {}, + "exiftool": { + "mime_type": "application/octet-stream", + "file_type": "Mach-O executable", + "cpu_byte_order": "Little endian", + "cpu_type": "x86 64-bit", + "object_file_type": "Demand paged executable", + "object_flags": "No undefs, Dyld link, Two level, Random address", + "cpu_architecture": "64 bit", + "cpu_subtype": "i386 (all) 64-bit" + }, + "community": { + "total_votes": { + "malicious": 0, + "harmless": 0 + }, + "reputation": 0 + }, + "analysis": { + "date": "2020-10-28T13:32:03.000Z", + "stats": { + "malicious": 0, + "type-unsupported": 11, + "failure": 0, + "undetected": 61, + "confirmed-timeout": 0, + "suspicious": 0, + "harmless": 0, + "timeout": 1 + }, + "results": [ + { + "result": null, + "method": "blacklist", + "engine_name": "APEX", + "category": "type-unsupported", + "engine_version": "6.90", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "K7AntiVirus", + "engine_version": "11.148.35577", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Kingsoft", + "category": "undetected", + "engine_version": "2013.8.14.323", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Microsoft", + "engine_version": "1.1.17500.4", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "VBA32", + "category": "undetected", + "engine_version": "4.4.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ViRobot", + "category": "undetected", + "engine_version": "2014.3.20.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ALYac", + "category": "undetected", + "engine_version": "1.1.1.5", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Fortinet", + "engine_version": "6.2.142.0", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Kaspersky", + "engine_version": "15.0.1.13", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ZoneAlarm", + "category": "undetected", + "engine_version": "1.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Bkav", + "category": "undetected", + "engine_version": "1.3.0.9899", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ClamAV", + "category": "undetected", + "engine_version": "0.102.3.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "FireEye", + "engine_version": "32.36.1.0", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Invincea", + "engine_version": "1.0.1.0", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Paloalto", + "category": "type-unsupported", + "engine_version": "1.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "VIPRE", + "category": "undetected", + "engine_version": "87772", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Arcabit", + "engine_version": "1.0.0.881", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Baidu", + "category": "undetected", + "engine_version": "1.0.0.2", + "engine_update": "20190318" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Emsisoft", + "category": "undetected", + "engine_version": "2018.12.0.1641", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Jiangmin", + "category": "undetected", + "engine_version": "16.0.100", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Malwarebytes", + "category": "undetected", + "engine_version": "3.6.4.335", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TACHYON", + "engine_version": "2020-10-28.02", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Trapmine", + "category": "type-unsupported", + "engine_version": "3.5.0.1023", + "engine_update": "20200727" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TrendMicro-HouseCall", + "engine_version": "10.0.0.1040", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "eGambit", + "engine_version": null, + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "GData", + "engine_version": "A:25.27523B:27.20682", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Ikarus", + "category": "undetected", + "engine_version": "0.1.5.2", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SentinelOne", + "category": "undetected", + "engine_version": "4.5.0.1", + "engine_update": "20201008" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Tencent", + "category": "undetected", + "engine_version": "1.0.0.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AhnLab-V3", + "category": "undetected", + "engine_version": "3.18.2.10046", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "NANO-Antivirus", + "category": "undetected", + "engine_version": "1.0.146.25233", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Alibaba", + "engine_version": "0.3.0.5", + "category": "type-unsupported", + "engine_update": "20190527" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Antiy-AVL", + "category": "undetected", + "engine_version": "3.0.0.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avira", + "category": "undetected", + "engine_version": "8.3.3.8", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Comodo", + "engine_version": "32937", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cyren", + "engine_version": "6.3.0.2", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ESET-NOD32", + "category": "undetected", + "engine_version": "22226", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Qihoo-360", + "category": "undetected", + "engine_version": "1.0.0.1120", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Ad-Aware", + "engine_version": "3.0.16.117", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CAT-QuickHeal", + "category": "undetected", + "engine_version": "14.00", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MAX", + "engine_version": "2019.9.16.1", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MicroWorld-eScan", + "category": "undetected", + "engine_version": "14.0.409.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "category": "undetected", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Zillya", + "engine_version": "2.0.0.4209", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cynet", + "category": "undetected", + "engine_version": "4.0.0.24", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Rising", + "engine_version": "25.0.0.26", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Webroot", + "engine_version": "1.0.0.403", + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Zoner", + "engine_version": "0.0.0.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CMC", + "category": "undetected", + "engine_version": "2.7.2019.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "F-Secure", + "category": "undetected", + "engine_version": "12.0.86.52", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SymantecMobileInsight", + "category": "type-unsupported", + "engine_version": "2.0", + "engine_update": "20200813" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Trustlook", + "category": "type-unsupported", + "engine_version": "1.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AegisLab", + "engine_version": "4.2", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CrowdStrike", + "category": "type-unsupported", + "engine_version": "1.0", + "engine_update": "20190702" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "category": "timeout", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "McAfee-GW-Edition", + "category": "undetected", + "engine_version": "v2019.1.2+3728", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Panda", + "category": "undetected", + "engine_version": "4.6.4.2", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Acronis", + "category": "undetected", + "engine_version": "1.1.1.80", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "BitDefender", + "category": "undetected", + "engine_version": "7.2", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "BitDefenderTheta", + "engine_version": "7.2.37796.0", + "category": "undetected", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Elastic", + "category": "undetected", + "engine_version": "4.0.11", + "engine_update": "20201012" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "K7GW", + "engine_version": "11.148.35577", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AVG", + "category": "undetected", + "engine_version": "18.4.3895.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TotalDefense", + "engine_version": "37.1.62.1", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avast", + "category": "undetected", + "engine_version": "18.4.3895.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avast-Mobile", + "category": "type-unsupported", + "engine_version": "201028-00", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cybereason", + "category": "type-unsupported", + "engine_version": "1.2.449", + "engine_update": "20190616" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Symantec", + "category": "undetected", + "engine_version": "1.13.0.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "DrWeb", + "category": "undetected", + "engine_version": "7.0.49.9080", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Sophos", + "category": "undetected", + "engine_version": "4.98.0", + "engine_update": "20201028" + } + ] + }, + "tags": [ + "64bits", + "macho" + ], + "trid": [ + { + "file_type": "Mac OS X Mach-O 64bit Intel executable", + "probability": 100 + } + ], + "notification": { + "date": "2020-10-28T16:10:34.000Z", + "snippet": "", + "tags": [ + "501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de", + "macho", + "noise" + ] + }, + "submission": { + "submission_count": 2, + "first_submitted": "2020-10-28T09:31:19.000Z", + "source": { + "geo": { + "country_iso_code": "US" + }, + "key": "63b1639b" + }, + "last_submitted": "2020-10-28T13:32:03.000Z", + "unique_sources": 1 + }, + "attributes": { + "macho_info": [ + { + "headers": { + "magic": "0xfeedfacf", + "num_cmds": 22, + "size_cmds": 3096, + "reserved": "0x0", + "entrypoint": "0x1080", + "file_type": "executable file", + "cpu_type": "x86_64", + "flags": [ + "DYLDLINK", + "NOUNDEFS", + "PIE", + "TWOLEVEL" + ], + "cpu_subtype": "X86_64_ALL" + }, + "libs": [ + "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation", + "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation", + "/usr/lib/libSystem.B.dylib", + "/usr/lib/libc++.1.dylib", + "/usr/lib/libobjc.A.dylib", + "@rpath/HandBrakeKit.framework/Versions/A/HandBrakeKit" + ], + "commands": [ + { + "type": "LC_DYLD_INFO_ONLY" + }, + { + "type": "LC_SYMTAB" + }, + { + "type": "LC_DYSYMTAB" + }, + { + "type": "LC_LOAD_DYLINKER" + }, + { + "type": "LC_UUID" + }, + { + "type": "LC_VERSION_MIN_MACOSX" + }, + { + "type": "LC_SOURCE_VERSION" + }, + { + "type": "LC_MAIN" + }, + { + "type": "LC_LOAD_DYLIB" + }, + { + "type": "LC_RPATH" + }, + { + "type": "LC_FUNCTION_STARTS" + }, + { + "type": "LC_DATA_IN_CODE" + }, + { + "type": "LC_CODE_SIGNATURE" + } + ], + "segments": [ + { + "vmaddr": "0x0", + "name": "__PAGEZERO", + "vmsize": "0x100000000", + "fileoff": "0x0", + "filesize": "0x0", + "sections": [] + }, + { + "vmaddr": "0x100000000", + "name": "__TEXT", + "vmsize": "0x4000", + "fileoff": "0x0", + "filesize": "0x4000", + "sections": [ + { + "flags": [ + "SECTION_ATTRIBUTES_USR", + "SECTION_ATTRIBUTES_SYS" + ], + "name": "__text", + "type": "S_REGULAR" + }, + { + "name": "__stubs", + "flags": [ + "SECTION_ATTRIBUTES_USR", + "SECTION_ATTRIBUTES_SYS" + ], + "type": "S_SYMBOL_STUBS" + }, + { + "flags": [ + "SECTION_ATTRIBUTES_USR", + "SECTION_ATTRIBUTES_SYS" + ], + "name": "__stub_helper", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__objc_methname", + "type": "S_CSTRING_LITERALS" + }, + { + "flags": [], + "name": "__objc_classname", + "type": "S_CSTRING_LITERALS" + }, + { + "flags": [], + "name": "__objc_methtype", + "type": "S_CSTRING_LITERALS" + }, + { + "flags": [], + "name": "__cstring", + "type": "S_CSTRING_LITERALS" + }, + { + "flags": [], + "name": "__unwind_info", + "type": "S_REGULAR" + } + ] + }, + { + "vmaddr": "0x100004000", + "name": "__DATA", + "vmsize": "0x4000", + "fileoff": "0x4000", + "filesize": "0x4000", + "sections": [ + { + "flags": [ + "S_8BYTE_LITERALS" + ], + "name": "__nl_symbol_ptr", + "type": "S_CSTRING_LITERALS" + }, + { + "flags": [ + "S_8BYTE_LITERALS" + ], + "name": "__got", + "type": "S_CSTRING_LITERALS" + }, + { + "flags": [ + "S_CSTRING_LITERALS", + "S_8BYTE_LITERALS" + ], + "name": "__la_symbol_ptr", + "type": "S_ZEROFILL" + }, + { + "flags": [], + "name": "__const", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__cfstring", + "type": "S_REGULAR" + }, + { + "flags": [ + "SECTION_ATTRIBUTES_USR" + ], + "name": "__objc_classlist", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__objc_protolist", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__objc_imageinfo", + "type": "S_REGULAR" + }, + { + "name": "__objc_const", + "flags": [], + "type": "S_REGULAR" + }, + { + "flags": [ + "S_8BYTE_LITERALS", + "SECTION_ATTRIBUTES_USR" + ], + "name": "__objc_selrefs", + "type": "S_ZEROFILL" + }, + { + "flags": [], + "name": "__objc_protorefs", + "type": "S_REGULAR" + }, + { + "flags": [ + "SECTION_ATTRIBUTES_USR" + ], + "name": "__objc_classrefs", + "type": "S_REGULAR" + }, + { + "flags": [ + "SECTION_ATTRIBUTES_USR" + ], + "name": "__objc_superrefs", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__objc_ivar", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__objc_data", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__data", + "type": "S_REGULAR" + }, + { + "flags": [], + "name": "__bss", + "type": "S_ZEROFILL" + } + ] + }, + { + "vmaddr": "0x100008000", + "name": "__LINKEDIT", + "vmsize": "0xc000", + "fileoff": "0x8000", + "filesize": "0xbe00", + "sections": [] + } + ] + } + ] + }, + "id": "501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de", + "last_modified": "2020-10-28T15:52:30.000Z", + "hash": { + "vhash": "ad088d75d573b21500cf31eff2a73d21" + }, + "type_description": "Mach-O" + }, + "event": { + "reference": "https://www.virustotal.com/gui/file/501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de", + "ingested": "2020-10-28T16:11:09.865523722Z", + "original": "{\"attributes\":{\"downloadable\":true,\"exiftool\":{\"CPUArchitecture\":\"64 bit\",\"CPUByteOrder\":\"Little endian\",\"CPUSubtype\":\"i386 (all) 64-bit\",\"CPUType\":\"x86 64-bit\",\"FileType\":\"Mach-O executable\",\"MIMEType\":\"application/octet-stream\",\"ObjectFileType\":\"Demand paged executable\",\"ObjectFlags\":\"No undefs, Dyld link, Two level, Random address\"},\"first_submission_date\":1603877479,\"last_analysis_date\":1603891923,\"last_analysis_results\":{\"ALYac\":{\"category\":\"undetected\",\"engine_name\":\"ALYac\",\"engine_update\":\"20201028\",\"engine_version\":\"1.1.1.5\",\"method\":\"blacklist\",\"result\":null},\"APEX\":{\"category\":\"type-unsupported\",\"engine_name\":\"APEX\",\"engine_update\":\"20201028\",\"engine_version\":\"6.90\",\"method\":\"blacklist\",\"result\":null},\"AVG\":{\"category\":\"undetected\",\"engine_name\":\"AVG\",\"engine_update\":\"20201028\",\"engine_version\":\"18.4.3895.0\",\"method\":\"blacklist\",\"result\":null},\"Acronis\":{\"category\":\"undetected\",\"engine_name\":\"Acronis\",\"engine_update\":\"20201023\",\"engine_version\":\"1.1.1.80\",\"method\":\"blacklist\",\"result\":null},\"Ad-Aware\":{\"category\":\"undetected\",\"engine_name\":\"Ad-Aware\",\"engine_update\":\"20201028\",\"engine_version\":\"3.0.16.117\",\"method\":\"blacklist\",\"result\":null},\"AegisLab\":{\"category\":\"undetected\",\"engine_name\":\"AegisLab\",\"engine_update\":\"20201028\",\"engine_version\":\"4.2\",\"method\":\"blacklist\",\"result\":null},\"AhnLab-V3\":{\"category\":\"undetected\",\"engine_name\":\"AhnLab-V3\",\"engine_update\":\"20201028\",\"engine_version\":\"3.18.2.10046\",\"method\":\"blacklist\",\"result\":null},\"Alibaba\":{\"category\":\"type-unsupported\",\"engine_name\":\"Alibaba\",\"engine_update\":\"20190527\",\"engine_version\":\"0.3.0.5\",\"method\":\"blacklist\",\"result\":null},\"Antiy-AVL\":{\"category\":\"undetected\",\"engine_name\":\"Antiy-AVL\",\"engine_update\":\"20201028\",\"engine_version\":\"3.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"Arcabit\":{\"category\":\"undetected\",\"engine_name\":\"Arcabit\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.881\",\"method\":\"blacklist\",\"result\":null},\"Avast\":{\"category\":\"undetected\",\"engine_name\":\"Avast\",\"engine_update\":\"20201028\",\"engine_version\":\"18.4.3895.0\",\"method\":\"blacklist\",\"result\":null},\"Avast-Mobile\":{\"category\":\"type-unsupported\",\"engine_name\":\"Avast-Mobile\",\"engine_update\":\"20201028\",\"engine_version\":\"201028-00\",\"method\":\"blacklist\",\"result\":null},\"Avira\":{\"category\":\"undetected\",\"engine_name\":\"Avira\",\"engine_update\":\"20201028\",\"engine_version\":\"8.3.3.8\",\"method\":\"blacklist\",\"result\":null},\"Baidu\":{\"category\":\"undetected\",\"engine_name\":\"Baidu\",\"engine_update\":\"20190318\",\"engine_version\":\"1.0.0.2\",\"method\":\"blacklist\",\"result\":null},\"BitDefender\":{\"category\":\"undetected\",\"engine_name\":\"BitDefender\",\"engine_update\":\"20201028\",\"engine_version\":\"7.2\",\"method\":\"blacklist\",\"result\":null},\"BitDefenderTheta\":{\"category\":\"undetected\",\"engine_name\":\"BitDefenderTheta\",\"engine_update\":\"20201023\",\"engine_version\":\"7.2.37796.0\",\"method\":\"blacklist\",\"result\":null},\"Bkav\":{\"category\":\"undetected\",\"engine_name\":\"Bkav\",\"engine_update\":\"20201027\",\"engine_version\":\"1.3.0.9899\",\"method\":\"blacklist\",\"result\":null},\"CAT-QuickHeal\":{\"category\":\"undetected\",\"engine_name\":\"CAT-QuickHeal\",\"engine_update\":\"20201028\",\"engine_version\":\"14.00\",\"method\":\"blacklist\",\"result\":null},\"CMC\":{\"category\":\"undetected\",\"engine_name\":\"CMC\",\"engine_update\":\"20201028\",\"engine_version\":\"2.7.2019.1\",\"method\":\"blacklist\",\"result\":null},\"ClamAV\":{\"category\":\"undetected\",\"engine_name\":\"ClamAV\",\"engine_update\":\"20201028\",\"engine_version\":\"0.102.3.0\",\"method\":\"blacklist\",\"result\":null},\"Comodo\":{\"category\":\"undetected\",\"engine_name\":\"Comodo\",\"engine_update\":\"20201028\",\"engine_version\":\"32937\",\"method\":\"blacklist\",\"result\":null},\"CrowdStrike\":{\"category\":\"type-unsupported\",\"engine_name\":\"CrowdStrike\",\"engine_update\":\"20190702\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Cybereason\":{\"category\":\"type-unsupported\",\"engine_name\":\"Cybereason\",\"engine_update\":\"20190616\",\"engine_version\":\"1.2.449\",\"method\":\"blacklist\",\"result\":null},\"Cynet\":{\"category\":\"undetected\",\"engine_name\":\"Cynet\",\"engine_update\":\"20201028\",\"engine_version\":\"4.0.0.24\",\"method\":\"blacklist\",\"result\":null},\"Cyren\":{\"category\":\"undetected\",\"engine_name\":\"Cyren\",\"engine_update\":\"20201028\",\"engine_version\":\"6.3.0.2\",\"method\":\"blacklist\",\"result\":null},\"DrWeb\":{\"category\":\"undetected\",\"engine_name\":\"DrWeb\",\"engine_update\":\"20201028\",\"engine_version\":\"7.0.49.9080\",\"method\":\"blacklist\",\"result\":null},\"ESET-NOD32\":{\"category\":\"undetected\",\"engine_name\":\"ESET-NOD32\",\"engine_update\":\"20201028\",\"engine_version\":\"22226\",\"method\":\"blacklist\",\"result\":null},\"Elastic\":{\"category\":\"undetected\",\"engine_name\":\"Elastic\",\"engine_update\":\"20201012\",\"engine_version\":\"4.0.11\",\"method\":\"blacklist\",\"result\":null},\"Emsisoft\":{\"category\":\"undetected\",\"engine_name\":\"Emsisoft\",\"engine_update\":\"20201028\",\"engine_version\":\"2018.12.0.1641\",\"method\":\"blacklist\",\"result\":null},\"F-Secure\":{\"category\":\"undetected\",\"engine_name\":\"F-Secure\",\"engine_update\":\"20201028\",\"engine_version\":\"12.0.86.52\",\"method\":\"blacklist\",\"result\":null},\"FireEye\":{\"category\":\"undetected\",\"engine_name\":\"FireEye\",\"engine_update\":\"20201028\",\"engine_version\":\"32.36.1.0\",\"method\":\"blacklist\",\"result\":null},\"Fortinet\":{\"category\":\"undetected\",\"engine_name\":\"Fortinet\",\"engine_update\":\"20201028\",\"engine_version\":\"6.2.142.0\",\"method\":\"blacklist\",\"result\":null},\"GData\":{\"category\":\"undetected\",\"engine_name\":\"GData\",\"engine_update\":\"20201028\",\"engine_version\":\"A:25.27523B:27.20682\",\"method\":\"blacklist\",\"result\":null},\"Ikarus\":{\"category\":\"undetected\",\"engine_name\":\"Ikarus\",\"engine_update\":\"20201028\",\"engine_version\":\"0.1.5.2\",\"method\":\"blacklist\",\"result\":null},\"Invincea\":{\"category\":\"undetected\",\"engine_name\":\"Invincea\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.1.0\",\"method\":\"blacklist\",\"result\":null},\"Jiangmin\":{\"category\":\"undetected\",\"engine_name\":\"Jiangmin\",\"engine_update\":\"20201028\",\"engine_version\":\"16.0.100\",\"method\":\"blacklist\",\"result\":null},\"K7AntiVirus\":{\"category\":\"undetected\",\"engine_name\":\"K7AntiVirus\",\"engine_update\":\"20201028\",\"engine_version\":\"11.148.35577\",\"method\":\"blacklist\",\"result\":null},\"K7GW\":{\"category\":\"undetected\",\"engine_name\":\"K7GW\",\"engine_update\":\"20201028\",\"engine_version\":\"11.148.35577\",\"method\":\"blacklist\",\"result\":null},\"Kaspersky\":{\"category\":\"undetected\",\"engine_name\":\"Kaspersky\",\"engine_update\":\"20201028\",\"engine_version\":\"15.0.1.13\",\"method\":\"blacklist\",\"result\":null},\"Kingsoft\":{\"category\":\"undetected\",\"engine_name\":\"Kingsoft\",\"engine_update\":\"20201028\",\"engine_version\":\"2013.8.14.323\",\"method\":\"blacklist\",\"result\":null},\"MAX\":{\"category\":\"undetected\",\"engine_name\":\"MAX\",\"engine_update\":\"20201028\",\"engine_version\":\"2019.9.16.1\",\"method\":\"blacklist\",\"result\":null},\"Malwarebytes\":{\"category\":\"undetected\",\"engine_name\":\"Malwarebytes\",\"engine_update\":\"20201028\",\"engine_version\":\"3.6.4.335\",\"method\":\"blacklist\",\"result\":null},\"MaxSecure\":{\"category\":\"timeout\",\"engine_name\":\"MaxSecure\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"McAfee\":{\"category\":\"undetected\",\"engine_name\":\"McAfee\",\"engine_update\":\"20201028\",\"engine_version\":\"6.0.6.653\",\"method\":\"blacklist\",\"result\":null},\"McAfee-GW-Edition\":{\"category\":\"undetected\",\"engine_name\":\"McAfee-GW-Edition\",\"engine_update\":\"20201028\",\"engine_version\":\"v2019.1.2+3728\",\"method\":\"blacklist\",\"result\":null},\"MicroWorld-eScan\":{\"category\":\"undetected\",\"engine_name\":\"MicroWorld-eScan\",\"engine_update\":\"20201028\",\"engine_version\":\"14.0.409.0\",\"method\":\"blacklist\",\"result\":null},\"Microsoft\":{\"category\":\"undetected\",\"engine_name\":\"Microsoft\",\"engine_update\":\"20201028\",\"engine_version\":\"1.1.17500.4\",\"method\":\"blacklist\",\"result\":null},\"NANO-Antivirus\":{\"category\":\"undetected\",\"engine_name\":\"NANO-Antivirus\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.146.25233\",\"method\":\"blacklist\",\"result\":null},\"Paloalto\":{\"category\":\"type-unsupported\",\"engine_name\":\"Paloalto\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Panda\":{\"category\":\"undetected\",\"engine_name\":\"Panda\",\"engine_update\":\"20201028\",\"engine_version\":\"4.6.4.2\",\"method\":\"blacklist\",\"result\":null},\"Qihoo-360\":{\"category\":\"undetected\",\"engine_name\":\"Qihoo-360\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1120\",\"method\":\"blacklist\",\"result\":null},\"Rising\":{\"category\":\"undetected\",\"engine_name\":\"Rising\",\"engine_update\":\"20201028\",\"engine_version\":\"25.0.0.26\",\"method\":\"blacklist\",\"result\":null},\"SUPERAntiSpyware\":{\"category\":\"undetected\",\"engine_name\":\"SUPERAntiSpyware\",\"engine_update\":\"20201023\",\"engine_version\":\"5.6.0.1032\",\"method\":\"blacklist\",\"result\":null},\"SentinelOne\":{\"category\":\"undetected\",\"engine_name\":\"SentinelOne\",\"engine_update\":\"20201008\",\"engine_version\":\"4.5.0.1\",\"method\":\"blacklist\",\"result\":null},\"Sophos\":{\"category\":\"undetected\",\"engine_name\":\"Sophos\",\"engine_update\":\"20201028\",\"engine_version\":\"4.98.0\",\"method\":\"blacklist\",\"result\":null},\"Symantec\":{\"category\":\"undetected\",\"engine_name\":\"Symantec\",\"engine_update\":\"20201028\",\"engine_version\":\"1.13.0.0\",\"method\":\"blacklist\",\"result\":null},\"SymantecMobileInsight\":{\"category\":\"type-unsupported\",\"engine_name\":\"SymantecMobileInsight\",\"engine_update\":\"20200813\",\"engine_version\":\"2.0\",\"method\":\"blacklist\",\"result\":null},\"TACHYON\":{\"category\":\"undetected\",\"engine_name\":\"TACHYON\",\"engine_update\":\"20201028\",\"engine_version\":\"2020-10-28.02\",\"method\":\"blacklist\",\"result\":null},\"Tencent\":{\"category\":\"undetected\",\"engine_name\":\"Tencent\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"TotalDefense\":{\"category\":\"undetected\",\"engine_name\":\"TotalDefense\",\"engine_update\":\"20201028\",\"engine_version\":\"37.1.62.1\",\"method\":\"blacklist\",\"result\":null},\"Trapmine\":{\"category\":\"type-unsupported\",\"engine_name\":\"Trapmine\",\"engine_update\":\"20200727\",\"engine_version\":\"3.5.0.1023\",\"method\":\"blacklist\",\"result\":null},\"TrendMicro\":{\"category\":\"undetected\",\"engine_name\":\"TrendMicro\",\"engine_update\":\"20201028\",\"engine_version\":\"11.0.0.1006\",\"method\":\"blacklist\",\"result\":null},\"TrendMicro-HouseCall\":{\"category\":\"undetected\",\"engine_name\":\"TrendMicro-HouseCall\",\"engine_update\":\"20201028\",\"engine_version\":\"10.0.0.1040\",\"method\":\"blacklist\",\"result\":null},\"Trustlook\":{\"category\":\"type-unsupported\",\"engine_name\":\"Trustlook\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"VBA32\":{\"category\":\"undetected\",\"engine_name\":\"VBA32\",\"engine_update\":\"20201028\",\"engine_version\":\"4.4.1\",\"method\":\"blacklist\",\"result\":null},\"VIPRE\":{\"category\":\"undetected\",\"engine_name\":\"VIPRE\",\"engine_update\":\"20201028\",\"engine_version\":\"87772\",\"method\":\"blacklist\",\"result\":null},\"ViRobot\":{\"category\":\"undetected\",\"engine_name\":\"ViRobot\",\"engine_update\":\"20201028\",\"engine_version\":\"2014.3.20.0\",\"method\":\"blacklist\",\"result\":null},\"Webroot\":{\"category\":\"type-unsupported\",\"engine_name\":\"Webroot\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.403\",\"method\":\"blacklist\",\"result\":null},\"Yandex\":{\"category\":\"undetected\",\"engine_name\":\"Yandex\",\"engine_update\":\"20201028\",\"engine_version\":\"5.5.2.24\",\"method\":\"blacklist\",\"result\":null},\"Zillya\":{\"category\":\"undetected\",\"engine_name\":\"Zillya\",\"engine_update\":\"20201028\",\"engine_version\":\"2.0.0.4209\",\"method\":\"blacklist\",\"result\":null},\"ZoneAlarm\":{\"category\":\"undetected\",\"engine_name\":\"ZoneAlarm\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Zoner\":{\"category\":\"undetected\",\"engine_name\":\"Zoner\",\"engine_update\":\"20201027\",\"engine_version\":\"0.0.0.0\",\"method\":\"blacklist\",\"result\":null},\"eGambit\":{\"category\":\"type-unsupported\",\"engine_name\":\"eGambit\",\"engine_update\":\"20201028\",\"engine_version\":null,\"method\":\"blacklist\",\"result\":null}},\"last_analysis_stats\":{\"confirmed-timeout\":0,\"failure\":0,\"harmless\":0,\"malicious\":0,\"suspicious\":0,\"timeout\":1,\"type-unsupported\":11,\"undetected\":61},\"last_modification_date\":1603900350,\"last_submission_date\":1603891923,\"macho_info\":[{\"commands\":[{\"type\":\"LC_DYLD_INFO_ONLY\"},{\"type\":\"LC_SYMTAB\"},{\"type\":\"LC_DYSYMTAB\"},{\"type\":\"LC_LOAD_DYLINKER\"},{\"type\":\"LC_UUID\"},{\"type\":\"LC_VERSION_MIN_MACOSX\"},{\"type\":\"LC_SOURCE_VERSION\"},{\"type\":\"LC_MAIN\"},{\"type\":\"LC_LOAD_DYLIB\"},{\"type\":\"LC_RPATH\"},{\"type\":\"LC_FUNCTION_STARTS\"},{\"type\":\"LC_DATA_IN_CODE\"},{\"type\":\"LC_CODE_SIGNATURE\"}],\"headers\":{\"cpu_subtype\":\"X86_64_ALL\",\"cpu_type\":\"x86_64\",\"entrypoint\":\"0x1080\",\"file_type\":\"executable file\",\"flags\":[\"DYLDLINK\",\"NOUNDEFS\",\"PIE\",\"TWOLEVEL\"],\"magic\":\"0xfeedfacf\",\"num_cmds\":22,\"reserved\":\"0x0\",\"size_cmds\":3096},\"libs\":[\"/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation\",\"/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation\",\"/usr/lib/libSystem.B.dylib\",\"/usr/lib/libc++.1.dylib\",\"/usr/lib/libobjc.A.dylib\",\"@rpath/HandBrakeKit.framework/Versions/A/HandBrakeKit\"],\"segments\":[{\"fileoff\":\"0x0\",\"filesize\":\"0x0\",\"name\":\"__PAGEZERO\",\"sections\":[],\"vmaddr\":\"0x0\",\"vmsize\":\"0x100000000\"},{\"fileoff\":\"0x0\",\"filesize\":\"0x4000\",\"name\":\"__TEXT\",\"sections\":[{\"flags\":[\"SECTION_ATTRIBUTES_USR\",\"SECTION_ATTRIBUTES_SYS\"],\"name\":\"__text\",\"type\":\"S_REGULAR\"},{\"flags\":[\"SECTION_ATTRIBUTES_USR\",\"SECTION_ATTRIBUTES_SYS\"],\"name\":\"__stubs\",\"type\":\"S_SYMBOL_STUBS\"},{\"flags\":[\"SECTION_ATTRIBUTES_USR\",\"SECTION_ATTRIBUTES_SYS\"],\"name\":\"__stub_helper\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__objc_methname\",\"type\":\"S_CSTRING_LITERALS\"},{\"flags\":[],\"name\":\"__objc_classname\",\"type\":\"S_CSTRING_LITERALS\"},{\"flags\":[],\"name\":\"__objc_methtype\",\"type\":\"S_CSTRING_LITERALS\"},{\"flags\":[],\"name\":\"__cstring\",\"type\":\"S_CSTRING_LITERALS\"},{\"flags\":[],\"name\":\"__unwind_info\",\"type\":\"S_REGULAR\"}],\"vmaddr\":\"0x100000000\",\"vmsize\":\"0x4000\"},{\"fileoff\":\"0x4000\",\"filesize\":\"0x4000\",\"name\":\"__DATA\",\"sections\":[{\"flags\":[\"S_8BYTE_LITERALS\"],\"name\":\"__nl_symbol_ptr\",\"type\":\"S_CSTRING_LITERALS\"},{\"flags\":[\"S_8BYTE_LITERALS\"],\"name\":\"__got\",\"type\":\"S_CSTRING_LITERALS\"},{\"flags\":[\"S_CSTRING_LITERALS\",\"S_8BYTE_LITERALS\"],\"name\":\"__la_symbol_ptr\",\"type\":\"S_ZEROFILL\"},{\"flags\":[],\"name\":\"__const\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__cfstring\",\"type\":\"S_REGULAR\"},{\"flags\":[\"SECTION_ATTRIBUTES_USR\"],\"name\":\"__objc_classlist\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__objc_protolist\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__objc_imageinfo\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__objc_const\",\"type\":\"S_REGULAR\"},{\"flags\":[\"S_8BYTE_LITERALS\",\"SECTION_ATTRIBUTES_USR\"],\"name\":\"__objc_selrefs\",\"type\":\"S_ZEROFILL\"},{\"flags\":[],\"name\":\"__objc_protorefs\",\"type\":\"S_REGULAR\"},{\"flags\":[\"SECTION_ATTRIBUTES_USR\"],\"name\":\"__objc_classrefs\",\"type\":\"S_REGULAR\"},{\"flags\":[\"SECTION_ATTRIBUTES_USR\"],\"name\":\"__objc_superrefs\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__objc_ivar\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__objc_data\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__data\",\"type\":\"S_REGULAR\"},{\"flags\":[],\"name\":\"__bss\",\"type\":\"S_ZEROFILL\"}],\"vmaddr\":\"0x100004000\",\"vmsize\":\"0x4000\"},{\"fileoff\":\"0x8000\",\"filesize\":\"0xbe00\",\"name\":\"__LINKEDIT\",\"sections\":[],\"vmaddr\":\"0x100008000\",\"vmsize\":\"0xc000\"}]}],\"magic\":\"Mach-O 64-bit executable\",\"md5\":\"bc78a533a6445df15622f38198604d74\",\"meaningful_name\":\"HandBrakeXPCService3\",\"names\":[\"HandBrakeXPCService3\"],\"reputation\":0,\"sha1\":\"be99bc06c676157b9216cd1128c3026a67f88190\",\"sha256\":\"501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de\",\"size\":81408,\"ssdeep\":\"768:IkBMI4Q/lFFigUp0ZrYKi0v+5uRU3RdMvfECin3BAVdAnM5MIqyA+o85dyA3:IkBEQNFFiEiU0BAVdAnM5Mx+o853\",\"tags\":[\"64bits\",\"macho\"],\"times_submitted\":2,\"tlsh\":\"T14783E719EB4009EBC19EC135492B47052318E3191A2D7B6F52D3D2A86FF5FEA5F20F86\",\"total_votes\":{\"harmless\":0,\"malicious\":0},\"trid\":[{\"file_type\":\"Mac OS X Mach-O 64bit Intel executable\",\"probability\":100}],\"type_description\":\"Mach-O\",\"type_tag\":\"macho\",\"unique_sources\":1,\"vhash\":\"ad088d75d573b21500cf31eff2a73d21\"},\"context_attributes\":{\"match_in_subfile\":false,\"notification_date\":1603901434,\"notification_id\":\"1674190977644440-5192592417652736-764cb5d75dca7e158213a9b0d4d61def\",\"notification_snippet\":\"\",\"notification_source_country\":\"US\",\"notification_source_key\":\"63b1639b\",\"notification_tags\":[\"501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de\",\"macho\",\"noise\"],\"rule_name\":\"macho\",\"rule_tags\":[\"noise\"],\"ruleset_id\":\"5192592417652736\",\"ruleset_name\":\"macho\"},\"id\":\"501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de\",\"links\":{\"self\":\"https://www.virustotal.com/api/v3/files/501c0223777b21252062394caefc34a53a1f49af2f93bd0154a16a7c0a8eb4de\"},\"type\":\"file\"}", + "created": "2020-10-28T16:11:08.063Z", + "kind": "alert", + "module": "virustotal", + "category": "file", + "type": "info", + "dataset": "virustotal.livehunt" + } +} diff --git a/x-pack/filebeat/module/virustotal/livehunt/manifest.yml b/x-pack/filebeat/module/virustotal/livehunt/manifest.yml new file mode 100644 index 00000000000..72fc8839436 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/manifest.yml @@ -0,0 +1,36 @@ +#spellchecker: disable +module_version: 1.0 +var: + # Options are httpjson or kafka + - name: input + default: httpjson + + - name: vt_fileinfo_url + default: "https://www.virustotal.com/gui/file/" + + - name: api_key + default: "" + + # Maximum 40 + - name: limit + default: 10 + + # how often to poll the HTTP API + - name: interval + default: 1m + + # If consuming raw events from Kafka + - name: kafka_brokers + default: + - 127.0.0.1:9092 + + - name: kafka_topics + default: + - virustotal.livehunt + + - name: kafka_groupid + default: filebeat + +input: config/livehunt.yml +ingest_pipeline: + - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/virustotal/livehunt/pe.example.json b/x-pack/filebeat/module/virustotal/livehunt/pe.example.json new file mode 100644 index 00000000000..2901e488797 --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/pe.example.json @@ -0,0 +1,7806 @@ +{ + "agent": { + "name": "eBook", + "id": "e5d3e809-401f-4da8-bb38-629ac1bfc1de", + "ephemeral_id": "9d521278-e4c9-41b8-bd0a-9aa615b855a8", + "type": "filebeat", + "version": "8.0.0" + }, + "rule": { + "ruleset_id": "5395972918378496", + "name": "MALWARE_BazarLoader", + "ruleset": "MALWARE_BAZARLOADER", + "match_in_subfile": false, + "tags": [ + "IA_DEV" + ] + }, + "fileset": { + "name": "livehunt" + }, + "input": { + "type": "httpjson" + }, + "@timestamp": "2020-10-28T18:27:06.000Z", + "file": { + "size": 5996272, + "mime_type": "application/vnd.microsoft.portable-executable", + "pe": { + "rich_pe_header_hash": "fab25d91a463935a05c0f72e536aeb83", + "machine_type": 34404, + "flattened": { + "import_list": [ + { + "library_name": "gdiplus.dll", + "imported_functions": [ + "GdipBitmapLockBits", + "GdipGetImagePixelFormat", + "GdipCreateBitmapFromScan0", + "GdiplusShutdown", + "GdipGetImagePalette", + "GdipDisposeImage", + "GdipBitmapUnlockBits", + "GdiplusStartup", + "GdipDeleteGraphics", + "GdipCreateBitmapFromStream", + "GdipCreateFromHDC", + "GdipGetImageWidth", + "GdipCreateBitmapFromHBITMAP", + "GdipAlloc", + "GdipGetImagePaletteSize", + "GdipDrawImageI", + "GdipDrawImageRectI", + "GdipSetInterpolationMode", + "GdipFree", + "GdipGetImageHeight", + "GdipCloneImage", + "GdipGetImageGraphicsContext" + ] + }, + { + "library_name": "MSIMG32.dll", + "imported_functions": [ + "TransparentBlt", + "AlphaBlend" + ] + }, + { + "library_name": "KERNEL32.dll", + "imported_functions": [ + "GetStdHandle", + "GetConsoleOutputCP", + "InterlockedPopEntrySList", + "DeactivateActCtx", + "WaitForSingleObject", + "SetEndOfFile", + "SignalObjectAndWait", + "CreateTimerQueue", + "GetFileAttributesW", + "lstrcmpW", + "SystemTimeToTzSpecificLocalTime", + "DeleteCriticalSection", + "GetCurrentProcess", + "GetConsoleMode", + "LocalAlloc", + "UnhandledExceptionFilter", + "SetFilePointer", + "SetErrorMode", + "GetSystemDirectoryW", + "FreeEnvironmentStringsW", + "InitializeSListHead", + "FileTimeToSystemTime", + "GetLocaleInfoW", + "SetStdHandle", + "GetFileTime", + "GetCPInfo", + "FindResourceExW", + "FormatMessageW", + "GetSystemTimeAsFileTime", + "GetCommandLineA", + "GetThreadTimes", + "HeapReAlloc", + "GetStringTypeW", + "FindActCtxSectionStringW", + "FreeLibrary", + "LocalFree", + "GetProfileIntW", + "GetThreadPriority", + "FreeLibraryAndExitThread", + "InitializeCriticalSection", + "OutputDebugStringW", + "GlobalHandle", + "VirtualAllocExNuma", + "FindClose", + "TlsGetValue", + "GetFullPathNameW", + "QueueUserWorkItem", + "EncodePointer", + "OutputDebugStringA", + "GetCurrentThread", + "InterlockedPushEntrySList", + "SetLastError", + "GetUserDefaultUILanguage", + "GetCurrentDirectoryW", + "GlobalFindAtomW", + "LoadResource", + "InitOnceComplete", + "TryEnterCriticalSection", + "IsDebuggerPresent", + "ExitProcess", + "InitializeCriticalSectionEx", + "VerSetConditionMask", + "GetSystemDefaultUILanguage", + "CreateActCtxW", + "SetThreadPriority", + "ActivateActCtx", + "RtlVirtualUnwind", + "EnumSystemLocalesW", + "LoadLibraryExW", + "MultiByteToWideChar", + "VerifyVersionInfoW", + "SetFilePointerEx", + "DeleteTimerQueueTimer", + "GetPrivateProfileStringW", + "RegisterWaitForSingleObject", + "GlobalAddAtomW", + "CreateThread", + "SetEnvironmentVariableW", + "InterlockedFlushSList", + "SetUnhandledExceptionFilter", + "MulDiv", + "IsProcessorFeaturePresent", + "ExitThread", + "DecodePointer", + "InitOnceBeginInitialize", + "TerminateProcess", + "SearchPathW", + "GetModuleHandleExW", + "GlobalUnlock", + "GlobalAlloc", + "ChangeTimerQueueTimer", + "CreateEventW", + "ReadConsoleW", + "GetCurrentThreadId", + "GetProcAddress", + "WriteConsoleW", + "InitializeCriticalSectionAndSpinCount", + "HeapFree", + "EnterCriticalSection", + "LoadLibraryW", + "GetLastError", + "GetVersionExW", + "GetOEMCP", + "QueryPerformanceCounter", + "GetTickCount", + "TlsAlloc", + "VirtualProtect", + "FlushFileBuffers", + "lstrcmpiW", + "RtlUnwind", + "CopyFileW", + "GlobalSize", + "UnlockFile", + "RtlPcToFileHeader", + "GetWindowsDirectoryW", + "GetFileSize", + "GlobalDeleteAtom", + "GetDateFormatW", + "GetStartupInfoW", + "SetEvent", + "DeleteFileW", + "GetUserDefaultLCID", + "GetPrivateProfileIntW", + "GetProcessHeap", + "GetTempFileNameW", + "QueryDepthSList", + "GetTimeFormatW", + "WriteFile", + "GetFileSizeEx", + "GlobalReAlloc", + "GetModuleFileNameW", + "lstrcmpA", + "FindNextFileW", + "RtlLookupFunctionEntry", + "ResetEvent", + "CreateTimerQueueTimer", + "FindResourceW", + "FindFirstFileW", + "IsValidLocale", + "DuplicateHandle", + "FindFirstFileExW", + "RtlUnwindEx", + "GetProcessAffinityMask", + "GetTimeZoneInformation", + "CreateFileW", + "GetFileType", + "TlsSetValue", + "HeapAlloc", + "LeaveCriticalSection", + "GlobalGetAtomNameW", + "LocalReAlloc", + "LCMapStringW", + "GetSystemInfo", + "GlobalFree", + "ResumeThread", + "UnregisterWaitEx", + "CompareStringW", + "GetVolumeInformationW", + "GetEnvironmentStringsW", + "lstrcpyW", + "WaitForSingleObjectEx", + "LockFile", + "SwitchToThread", + "SizeofResource", + "UnregisterWait", + "GetCurrentProcessId", + "LockResource", + "GetCommandLineW", + "HeapQueryInformation", + "WideCharToMultiByte", + "HeapSize", + "QueryActCtxW", + "RaiseException", + "SetThreadAffinityMask", + "WritePrivateProfileStringW", + "QueryPerformanceFrequency", + "ReleaseSemaphore", + "TlsFree", + "GetModuleHandleA", + "ReadFile", + "GlobalFlags", + "RtlCaptureContext", + "CloseHandle", + "GetACP", + "GlobalLock", + "GetModuleHandleW", + "FreeResource", + "FileTimeToLocalFileTime", + "GetFileAttributesExW", + "GetLogicalProcessorInformation", + "GetNumaHighestNodeNumber", + "IsValidCodePage", + "GetTempPathW", + "VirtualQuery", + "VirtualFree", + "Sleep", + "VirtualAlloc" + ] + }, + { + "library_name": "UxTheme.dll", + "imported_functions": [ + "IsAppThemed", + "GetThemeSysColor", + "GetThemeColor", + "GetCurrentThemeName", + "DrawThemeText", + "OpenThemeData", + "DrawThemeParentBackground", + "CloseThemeData", + "DrawThemeBackground", + "GetWindowTheme", + "IsThemeBackgroundPartiallyTransparent", + "GetThemePartSize" + ] + }, + { + "library_name": "OLEAUT32.dll", + "imported_functions": [ + "VariantChangeType", + "VariantTimeToSystemTime", + "SysStringLen", + "SystemTimeToVariantTime", + "SysAllocStringLen", + "VarBstrFromDate", + "VariantClear", + "SysAllocString", + "VariantCopy", + "OleLoadPicture", + "LoadTypeLib", + "SysFreeString", + "VariantInit" + ] + }, + { + "library_name": "SHELL32.dll", + "imported_functions": [ + "DragQueryFileW", + "SHBrowseForFolderW", + "ShellExecuteW", + "SHGetPathFromIDListW", + "SHGetSpecialFolderLocation", + "SHAppBarMessage", + "SHGetFileInfoW", + "SHGetDesktopFolder", + "SHGetMalloc", + "DragFinish" + ] + }, + { + "library_name": "OLEACC.dll", + "imported_functions": [ + "CreateStdAccessibleObject", + "AccessibleObjectFromWindow", + "LresultFromObject" + ] + }, + { + "library_name": "WINMM.dll", + "imported_functions": [ + "PlaySoundW" + ] + }, + { + "library_name": "GDI32.dll", + "imported_functions": [ + "GetTextMetricsW", + "SetMapMode", + "GetWindowOrgEx", + "GetPaletteEntries", + "CombineRgn", + "GetViewportOrgEx", + "GetObjectType", + "GetBoundsRect", + "SetLayout", + "SetPixel", + "SetPixelV", + "DeleteObject", + "IntersectClipRect", + "OffsetWindowOrgEx", + "CreateEllipticRgn", + "GetTextFaceW", + "CreatePalette", + "CreateDIBitmap", + "SetTextAlign", + "StretchBlt", + "ScaleViewportExtEx", + "SetWindowExtEx", + "SetBkColor", + "GetBkColor", + "SetRectRgn", + "GetTextCharsetInfo", + "TextOutW", + "CreateFontIndirectW", + "OffsetRgn", + "CreateRectRgnIndirect", + "LPtoDP", + "GetPixel", + "GetLayout", + "ExcludeClipRect", + "OffsetViewportOrgEx", + "SetBkMode", + "EnumFontFamiliesW", + "PtInRegion", + "BitBlt", + "FillRgn", + "FrameRgn", + "SelectPalette", + "PtVisible", + "ExtSelectClipRgn", + "ScaleWindowExtEx", + "SetROP2", + "GetNearestPaletteIndex", + "SetDIBColorTable", + "GetTextColor", + "Escape", + "SetViewportExtEx", + "GetWindowExtEx", + "PatBlt", + "CreatePen", + "GetClipBox", + "Rectangle", + "GetDeviceCaps", + "LineTo", + "DeleteDC", + "GetSystemPaletteEntries", + "GetObjectW", + "CreateDCW", + "RealizePalette", + "CreateHatchBrush", + "CreatePatternBrush", + "ExtTextOutW", + "SetPaletteEntries", + "CreateBitmap", + "RectVisible", + "GetStockObject", + "SelectClipRgn", + "RoundRect", + "SetWindowOrgEx", + "GetViewportExtEx", + "GetTextExtentPoint32W", + "CreatePolygonRgn", + "Polygon", + "GetRgnBox", + "SaveDC", + "RestoreDC", + "CreateDIBSection", + "SetTextColor", + "ExtFloodFill", + "MoveToEx", + "EnumFontFamiliesExW", + "SetViewportOrgEx", + "CreateRoundRectRgn", + "CreateCompatibleDC", + "CreateRectRgn", + "SelectObject", + "SetPolyFillMode", + "CopyMetaFileW", + "CreateCompatibleBitmap", + "CreateSolidBrush", + "Polyline", + "DPtoLP", + "Ellipse" + ] + }, + { + "library_name": "WINSPOOL.DRV", + "imported_functions": [ + "ClosePrinter", + "DocumentPropertiesW", + "OpenPrinterW" + ] + }, + { + "library_name": "ADVAPI32.dll", + "imported_functions": [ + "RegCreateKeyExW", + "RegDeleteValueW", + "RegCloseKey", + "CryptAcquireContextA", + "RegSetValueExW", + "RegEnumValueW", + "RegEnumKeyW", + "RegEnumKeyExW", + "CryptAcquireContextW", + "CryptEncrypt", + "RegOpenKeyExW", + "RegDeleteKeyW", + "CryptHashData", + "RegQueryValueExW", + "RegQueryValueW", + "CryptCreateHash" + ] + }, + { + "library_name": "ole32.dll", + "imported_functions": [ + "CoInitializeEx", + "OleLockRunning", + "CoCreateInstance", + "CoInitialize", + "CoTaskMemAlloc", + "CoLockObjectExternal", + "IsAccelerator", + "CoCreateGuid", + "RegisterDragDrop", + "OleCreateMenuDescriptor", + "CoUninitialize", + "OleDestroyMenuDescriptor", + "ReleaseStgMedium", + "DoDragDrop", + "RevokeDragDrop", + "CoDisconnectObject", + "OleGetClipboard", + "OleDuplicateData", + "CoTaskMemFree", + "CreateStreamOnHGlobal", + "OleTranslateAccelerator" + ] + }, + { + "library_name": "SHLWAPI.dll", + "imported_functions": [ + "PathFindFileNameW", + "PathRemoveFileSpecW", + "PathIsUNCW", + "PathFindExtensionW", + "StrFormatKBSizeW", + "PathStripToRootW" + ] + }, + { + "library_name": "WS2_32.dll", + "imported_functions": [ + "connect", + "setsockopt", + "htons", + "gethostname", + "socket", + "bind", + "WSAStartup", + "inet_ntop", + "accept", + "WSACleanup", + "recvfrom", + "gethostbyname", + "WSASocketW", + "sendto", + "closesocket", + "WSASetLastError", + "inet_pton", + "recv", + "inet_ntoa", + "send", + "listen" + ] + }, + { + "library_name": "USER32.dll", + "imported_functions": [ + "RedrawWindow", + "GetForegroundWindow", + "SetWindowRgn", + "SetMenuItemBitmaps", + "DrawTextW", + "SetWindowLongPtrW", + "SetRectEmpty", + "EnableScrollBar", + "DestroyMenu", + "PostQuitMessage", + "GetMessagePos", + "DrawStateW", + "SetWindowPos", + "GetNextDlgTabItem", + "IsWindow", + "GrayStringW", + "EndPaint", + "WindowFromPoint", + "DrawIcon", + "GetMessageTime", + "SetMenuItemInfoW", + "SetActiveWindow", + "GetDC", + "GetAsyncKeyState", + "MapDialogRect", + "GetDlgCtrlID", + "GetMenu", + "UnregisterClassW", + "GetClientRect", + "DefWindowProcW", + "SetMenuDefaultItem", + "SetScrollPos", + "CallNextHookEx", + "IsClipboardFormatAvailable", + "LoadImageW", + "GetKeyboardState", + "GetActiveWindow", + "OpenClipboard", + "GetWindowTextW", + "RegisterClipboardFormatW", + "CopyAcceleratorTableW", + "GetWindowTextLengthW", + "LoadAcceleratorsW", + "ScrollWindow", + "GetKeyState", + "TrackMouseEvent", + "DrawEdge", + "GetParent", + "UpdateWindow", + "GetPropW", + "EqualRect", + "GetMenuState", + "MapVirtualKeyExW", + "GetMessageW", + "ShowWindow", + "DrawFrameControl", + "GetNextDlgGroupItem", + "SetPropW", + "EnumDisplayMonitors", + "DefMDIChildProcW", + "PeekMessageW", + "TranslateMDISysAccel", + "EnableWindow", + "SetWindowPlacement", + "CharUpperW", + "LoadIconW", + "GetMenuCheckMarkDimensions", + "TranslateMessage", + "IsWindowEnabled", + "GetWindow", + "GetMenuDefaultItem", + "RegisterClassW", + "GetIconInfo", + "SetParent", + "GetMenuStringW", + "IsZoomed", + "GetWindowPlacement", + "DestroyWindow", + "GetWindowLongPtrW", + "IsCharLowerW", + "EnableMenuItem", + "InvertRect", + "DrawFocusRect", + "SetTimer", + "GetKeyboardLayout", + "FlashWindow", + "MonitorFromPoint", + "CreateAcceleratorTableW", + "GetSysColorBrush", + "RealChildWindowFromPoint", + "CreateWindowExW", + "TabbedTextOutW", + "GetWindowLongW", + "GetUpdateRect", + "PtInRect", + "IsChild", + "DrawMenuBar", + "MapWindowPoints", + "RegisterWindowMessageW", + "GetMonitorInfoW", + "ReleaseCapture", + "IsIconic", + "SetClassLongPtrW", + "BeginPaint", + "OffsetRect", + "SetFocus", + "GetScrollPos", + "CopyIcon", + "KillTimer", + "MapVirtualKeyW", + "GetComboBoxInfo", + "GetClassInfoExW", + "ToUnicodeEx", + "SendDlgItemMessageA", + "GetSystemMetrics", + "SetWindowLongW", + "SetScrollRange", + "GetWindowRect", + "InflateRect", + "SetCapture", + "IsDialogMessageW", + "IntersectRect", + "PostMessageW", + "InvalidateRect", + "CheckDlgButton", + "DrawTextExW", + "WaitMessage", + "CreatePopupMenu", + "CheckMenuItem", + "GetSubMenu", + "SetClipboardData", + "GetLastActivePopup", + "DrawIconEx", + "CharUpperBuffW", + "SetWindowTextW", + "CreateMenu", + "GetDlgItem", + "RemovePropW", + "BringWindowToTop", + "ClientToScreen", + "GetScrollInfo", + "TrackPopupMenu", + "PostThreadMessageW", + "GetMenuItemCount", + "GetClassLongPtrW", + "DestroyAcceleratorTable", + "BeginDeferWindowPos", + "ValidateRect", + "SetWindowsHookExW", + "LoadCursorW", + "GetSystemMenu", + "ReuseDDElParam", + "GetMenuItemID", + "InsertMenuW", + "FillRect", + "SetForegroundWindow", + "NotifyWinEvent", + "GetMenuItemInfoW", + "GetCursorPos", + "CreateDialogIndirectParamW", + "ReleaseDC", + "GetScrollRange", + "SetLayeredWindowAttributes", + "EndDialog", + "ModifyMenuW", + "HideCaret", + "CopyRect", + "GetCapture", + "ScreenToClient", + "MessageBeep", + "LoadMenuW", + "RemoveMenu", + "GetWindowThreadProcessId", + "DeferWindowPos", + "ShowScrollBar", + "MessageBoxW", + "SendMessageW", + "LockWindowUpdate", + "UnhookWindowsHookEx", + "MoveWindow", + "AppendMenuW", + "GetWindowDC", + "DestroyCursor", + "AdjustWindowRectEx", + "GetSysColor", + "DispatchMessageW", + "SetDlgItemTextW", + "SetScrollInfo", + "CopyImage", + "EndDeferWindowPos", + "GetWindowRgn", + "UpdateLayeredWindow", + "GetDoubleClickTime", + "DestroyIcon", + "GetTopWindow", + "DefFrameProcW", + "ShowOwnedPopups", + "WinHelpW", + "LoadBitmapW", + "EmptyClipboard", + "GetDesktopWindow", + "SubtractRect", + "UnpackDDElParam", + "SetCursorPos", + "SystemParametersInfoW", + "UnionRect", + "MonitorFromWindow", + "FrameRect", + "SetRect", + "DeleteMenu", + "GetKeyNameTextW", + "CallWindowProcW", + "GetClassNameW", + "GetClassInfoW", + "IsRectEmpty", + "IsMenu", + "GetFocus", + "InsertMenuItemW", + "CloseClipboard", + "IsWindowVisible", + "TranslateAcceleratorW", + "SetMenu", + "SetCursor" + ] + }, + { + "library_name": "IMM32.dll", + "imported_functions": [ + "ImmReleaseContext", + "ImmGetContext", + "ImmGetOpenStatus" + ] + } + ], + "debug": [ + { + "codeview": { + "signature": "RSDS", + "name": "B:\\23.10.20\\natchat-master\\natchat-master\\x64\\Release\\natchat.pdb", + "guid": "27c35118-a280-4f8d-9ffa-5bfa164986c3", + "age": 1 + }, + "offset": 2848180, + "size": 90, + "type_str": "IMAGE_DEBUG_TYPE_CODEVIEW", + "type": 2, + "timestamp": "Mon Oct 26 14:36:21 2020" + }, + { + "offset": 2848272, + "size": 20, + "type_str": "IMAGE_DEBUG_TYPE_VC_FEATURE", + "type": 12, + "timestamp": "Mon Oct 26 14:36:21 2020" + }, + { + "size": 984, + "offset": 2848292, + "type_str": "IMAGE_DEBUG_TYPE_POGO", + "type": 13, + "timestamp": "Mon Oct 26 14:36:21 2020" + } + ], + "resource_languages": { + "ENGLISH US": 1, + "CHINESE SIMPLIFIED": 760 + }, + "sections": [ + { + "chi2": 17140224, + "virtual_address": 4096, + "entropy": 6.37, + "flags": "rx", + "name": ".text", + "raw_size": 2353664, + "virtual_size": 2353504, + "md5": "97842f7d2072a1cb0812f58778bb3865" + }, + { + "chi2": 33604536, + "virtual_address": 2359296, + "entropy": 4.73, + "name": ".rdata", + "flags": "r", + "raw_size": 646144, + "virtual_size": 646042, + "md5": "f003701800a5c3855407575152264ae2" + }, + { + "chi2": 13360996, + "virtual_address": 3006464, + "entropy": 6.83, + "name": ".data", + "flags": "rw", + "raw_size": 2542592, + "virtual_size": 2579264, + "md5": "c1c3b61facc00261e2f623601441132e" + }, + { + "chi2": 2377556.5, + "virtual_address": 5586944, + "entropy": 6.12, + "flags": "r", + "name": ".pdata", + "raw_size": 121344, + "virtual_size": 121296, + "md5": "0ef3824d2563365dea4fc12efe6d7d81" + }, + { + "chi2": 84698, + "virtual_address": 5709824, + "entropy": 1.47, + "flags": "r", + "name": "_RDATA", + "raw_size": 512, + "virtual_size": 148, + "md5": "982c22ff21a635c94655d858aa42b98c" + }, + { + "chi2": 20264084, + "virtual_address": 5713920, + "entropy": 3.98, + "flags": "r", + "name": ".rsrc", + "raw_size": 3353088, + "virtual_size": 3352704, + "md5": "fcdcb45989ddf2e60a97b2db03f3ba02" + }, + { + "chi2": -1, + "virtual_address": 9068544, + "entropy": 0, + "flags": "r", + "name": ".reloc", + "raw_size": 66560, + "virtual_size": 66292, + "md5": "d41d8cd98f00b204e9800998ecf8427e" + } + ], + "resource_details": [ + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "AFX_DIALOG_LAYOUT" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "AFX_DIALOG_LAYOUT" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "AFX_DIALOG_LAYOUT", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "AFX_DIALOG_LAYOUT" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "AFX_DIALOG_LAYOUT" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "AFX_DIALOG_LAYOUT", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "GIF" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "GIF" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "GIF" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "PNG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "PNG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "STYLE_XML" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "STYLE_XML" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "STYLE_XML" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "STYLE_XML", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "STYLE_XML" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_BITMAP", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_BITMAP" + }, + { + "chi2": 3937929, + "filetype": "Data", + "entropy": 3.7023355960845947, + "sha256": "23c92d8e4ada85552a19b58228cacbbb237c0ce650d2f5d3a343e9fc2ff3f3f4", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": 3937929, + "filetype": "Data", + "entropy": 3.7023355960845947, + "sha256": "23c92d8e4ada85552a19b58228cacbbb237c0ce650d2f5d3a343e9fc2ff3f3f4", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": 3937929, + "filetype": "Data", + "entropy": 3.7023355960845947, + "sha256": "23c92d8e4ada85552a19b58228cacbbb237c0ce650d2f5d3a343e9fc2ff3f3f4", + "type": "RT_ICON", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": 2364152.25, + "filetype": "Data", + "entropy": 3.628403425216675, + "sha256": "443f4da64679022e015dce490d84749ce75278dc1988fc0cf0b031c74c9de8ea", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_ICON", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_ICON", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_MENU" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_DIALOG" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_DIALOG", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_STRING", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_STRING" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_ACCELERATOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_CURSOR" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_CURSOR", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": 1669.60009765625, + "filetype": "ASCII text", + "entropy": 1.9804819822311401, + "sha256": "cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba", + "type": "RT_GROUP_ICON", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_ICON", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": 1567.2001953125, + "filetype": "ASCII text", + "entropy": 2.160964012145996, + "sha256": "12598188b44d76a8828aa7a8211c4c1bfa8093f617928f5c8f3da9cd81a42d64", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": 1567.2001953125, + "filetype": "ASCII text", + "entropy": 2.160964012145996, + "sha256": "c5ed0d15770e8cd7fb0d5796315496756f297460843dab62de0bea7c3cfea703", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "RT_GROUP_ICON", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_GROUP_ICON" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "RT_VERSION" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "ENGLISH US", + "type": "RT_MANIFEST" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "type": "Struct(241)", + "lang": "CHINESE SIMPLIFIED" + }, + { + "chi2": -1, + "filetype": "English text", + "entropy": 0, + "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", + "lang": "CHINESE SIMPLIFIED", + "type": "Struct(241)" + } + ], + "resource_types": { + "RT_MANIFEST": 1, + "RT_ICON": 18, + "GIF": 3, + "RT_BITMAP": 46, + "RT_STRING": 30, + "PNG": 553, + "RT_MENU": 1, + "RT_DIALOG": 29, + "STYLE_XML": 5, + "RT_GROUP_ICON": 10, + "RT_VERSION": 1, + "RT_CURSOR": 28, + "AFX_DIALOG_LAYOUT": 6, + "Struct(241)": 2, + "RT_ACCELERATOR": 1, + "RT_GROUP_CURSOR": 27 + } + }, + "compile_timestamp": "2020-10-26T14:36:21.000Z", + "imphash": "68477125a486ea0db1018d0cc1b74711", + "overlay": { + "chi2": 20264084, + "filetype": "Data", + "entropy": 3.9820261001586914, + "offset": 5665280, + "size": 330992, + "md5": "fcdcb45989ddf2e60a97b2db03f3ba02" + }, + "compiler_product_versions": [ + "id: 259, version: 27412 count=18", + "id: 253, version: 23601 count=2", + "id: 260, version: 27412 count=36", + "id: 261, version: 27412 count=208", + "id: 262, version: 27412 count=1", + "id: 257, version: 27412 count=35", + "[---] Unmarked objects count=841", + "id: 260, version: 28920 count=18", + "id: 259, version: 28920 count=11", + "id: 261, version: 28920 count=466", + "id: 261, version: 29111 count=15", + "id: 255, version: 29111 count=1", + "id: 151, version: 0 count=1", + "id: 258, version: 29111 count=1" + ], + "creation_date": "2020-10-26T14:36:21.000Z", + "authentihash": "8addb5cf586206d0a1d6cdaf140f9a152d598923a3fe057f0317e9a2648f1d0f", + "entry_point": 1804880 + }, + "name": [], + "hash": { + "sha1": "cc17168b70aa92d45a39d4099fd33e07c1ce60ec", + "sha256": "59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db", + "tlsh": "T19356AF42B69900E8ECE6907D858B566BE2B07872073387CB51601F9A7F732E14F7A357", + "ssdeep": "98304:n12FO997SME1kPnt2O5KX3WRZKeRx7Y2VaVAbBkmN6ce+Qjj1RnSti:nrwH4ntvKX3WTKeRx7Y2VaVAbN6j1Rnr", + "md5": "56f2bb418e3aa2acd38851e89cf5937b" + } + }, + "ecs": { + "version": "1.6.0" + }, + "service": { + "type": "virustotal" + }, + "host": { + "name": "eBook" + }, + "virustotal": { + "magic": "PE32+ executable for MS Windows (GUI) Mono/.Net assembly", + "type_tag": "peexe", + "downloadable": true, + "capabilities": [ + "network_tcp_socket", + "network_tcp_listen", + "screenshot", + "win_mutex", + "keylogger", + "str_win32_winsock2_library", + "win_registry", + "win_files_operation" + ], + "context_attributes": {}, + "exiftool": { + "pe_type": "PE32+", + "machine_type": "AMD AMD64", + "code_size": "2353664", + "uninitialized_data_size": "0", + "file_type_extension": "exe", + "os_version": "6.0", + "subsystem": "Windows GUI", + "image_version": "0.0", + "linker_version": "14.27", + "mime_type": "application/octet-stream", + "file_type": "Win64 EXE", + "image_file_characteristics": "Executable, Large address aware", + "initialized_data_size": "6767104", + "entry_point": "0x1b8a50", + "timestamp": "2020:10:26 14:36:21+00:00", + "subsystem_version": "6.0" + }, + "analysis": { + "date": "2020-10-28T16:58:43.000Z", + "stats": { + "malicious": 13, + "type-unsupported": 4, + "failure": 0, + "undetected": 58, + "confirmed-timeout": 0, + "suspicious": 0, + "harmless": 0, + "timeout": 0 + }, + "results": [ + { + "result": null, + "method": "blacklist", + "engine_name": "CrowdStrike", + "category": "undetected", + "engine_version": "1.0", + "engine_update": "20190702" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "K7GW", + "category": "undetected", + "engine_version": "11.148.35577", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Microsoft", + "category": "undetected", + "engine_version": "1.1.17500.4", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Sangfor", + "engine_version": "1.0", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Antiy-AVL", + "category": "undetected", + "engine_version": "3.0.0.1", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Baidu", + "engine_version": "1.0.0.2", + "category": "undetected", + "engine_update": "20190318" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ClamAV", + "category": "undetected", + "engine_version": "0.102.3.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Ikarus", + "category": "undetected", + "engine_version": "0.1.5.2", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Sophos", + "engine_version": "4.98.0", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TotalDefense", + "engine_version": "37.1.62.1", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "K7AntiVirus", + "engine_version": "11.148.35577", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Symantec", + "category": "undetected", + "engine_version": "1.13.0.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AVG", + "category": "undetected", + "engine_version": "18.4.3895.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AhnLab-V3", + "engine_version": "3.18.2.10046", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cylance", + "engine_version": "2.3.1.101", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cynet", + "category": "undetected", + "engine_version": "4.0.0.24", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Rising", + "category": "undetected", + "engine_version": "25.0.0.26", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Kaspersky", + "engine_version": "15.0.1.13", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Kingsoft", + "engine_version": "2013.8.14.323", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Trapmine", + "engine_version": "3.5.0.1023", + "category": "type-unsupported", + "engine_update": "20200727" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Acronis", + "category": "undetected", + "engine_version": "1.1.1.80", + "engine_update": "20201023" + }, + { + "result": "Gen:Variant.Ulise.128482", + "method": "blacklist", + "engine_name": "Ad-Aware", + "category": "malicious", + "engine_version": "3.0.16.117", + "engine_update": "20201028" + }, + { + "result": "Gen:Variant.Ulise.128482", + "method": "blacklist", + "engine_name": "GData", + "category": "malicious", + "engine_version": "A:25.27523B:27.20682", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Jiangmin", + "category": "undetected", + "engine_version": "16.0.100", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "MaxSecure", + "engine_version": "1.0.0.1", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Yandex", + "engine_version": "5.5.2.24", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "eGambit", + "engine_version": null, + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "AegisLab", + "engine_version": "4.2", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avast-Mobile", + "engine_version": "201028-00", + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SentinelOne", + "engine_version": "4.5.0.1", + "category": "undetected", + "engine_update": "20201008" + }, + { + "result": "Trojan.Win64.BAZALOADER.SM", + "method": "blacklist", + "engine_name": "TrendMicro", + "engine_version": "11.0.0.1006", + "category": "malicious", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "VIPRE", + "engine_version": "87772", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avast", + "category": "undetected", + "engine_version": "18.4.3895.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Elastic", + "engine_version": "4.0.11", + "category": "undetected", + "engine_update": "20201012" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Paloalto", + "category": "undetected", + "engine_version": "1.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Trustlook", + "engine_version": "1.0", + "category": "type-unsupported", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CMC", + "category": "undetected", + "engine_version": "2.7.2019.1", + "engine_update": "20201028" + }, + { + "result": "W64/Trojan.AUNU-7047", + "method": "blacklist", + "engine_name": "Cyren", + "engine_version": "6.3.0.2", + "category": "malicious", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "F-Secure", + "engine_version": "12.0.86.52", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Tencent", + "engine_version": "1.0.0.1", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Zoner", + "engine_version": "0.0.0.0", + "category": "undetected", + "engine_update": "20201027" + }, + { + "result": "Gen:Variant.Ulise.128482", + "method": "blacklist", + "engine_name": "BitDefender", + "engine_version": "7.2", + "category": "malicious", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Cybereason", + "category": "undetected", + "engine_version": "1.2.449", + "engine_update": "20190616" + }, + { + "result": "W64/Kryptik.CCG!tr", + "method": "blacklist", + "engine_name": "Fortinet", + "category": "malicious", + "engine_version": "6.2.142.0", + "engine_update": "20201028" + }, + { + "result": "Gen:Variant.Ulise.128482", + "method": "blacklist", + "engine_name": "MicroWorld-eScan", + "category": "malicious", + "engine_version": "14.0.409.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Panda", + "category": "undetected", + "engine_version": "4.6.4.2", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SymantecMobileInsight", + "category": "type-unsupported", + "engine_version": "2.0", + "engine_update": "20200813" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ZoneAlarm", + "engine_version": "1.0", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Alibaba", + "category": "undetected", + "engine_version": "0.3.0.5", + "engine_update": "20190527" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "BitDefenderTheta", + "category": "undetected", + "engine_version": "7.2.37796.0", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Invincea", + "category": "undetected", + "engine_version": "1.0.1.0", + "engine_update": "20201028" + }, + { + "result": "malware (ai score=86)", + "method": "blacklist", + "engine_name": "MAX", + "engine_version": "2019.9.16.1", + "category": "malicious", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "McAfee-GW-Edition", + "engine_version": "v2019.1.2+3728", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Comodo", + "category": "undetected", + "engine_version": "32937", + "engine_update": "20201028" + }, + { + "result": "Gen:Variant.Ulise.128482", + "method": "blacklist", + "engine_name": "FireEye", + "engine_version": "32.36.1.0", + "category": "malicious", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Malwarebytes", + "engine_version": "3.6.4.335", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": "Trojan.Win64.BAZALOADER.SM", + "method": "blacklist", + "engine_name": "TrendMicro-HouseCall", + "category": "malicious", + "engine_version": "10.0.0.1040", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Zillya", + "category": "undetected", + "engine_version": "2.0.0.4209", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "DrWeb", + "engine_version": "7.0.49.9080", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": "Gen:Variant.Ulise.128482 (B)", + "method": "blacklist", + "engine_name": "Emsisoft", + "category": "malicious", + "engine_version": "2018.12.0.1641", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "McAfee", + "engine_version": "6.0.6.653", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "NANO-Antivirus", + "category": "undetected", + "engine_version": "1.0.146.25233", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "SUPERAntiSpyware", + "engine_version": "5.6.0.1032", + "category": "undetected", + "engine_update": "20201023" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "TACHYON", + "category": "undetected", + "engine_version": "2020-10-28.02", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ALYac", + "engine_version": "1.1.1.5", + "category": "undetected", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "APEX", + "category": "undetected", + "engine_version": "6.90", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Bkav", + "category": "undetected", + "engine_version": "1.3.0.9899", + "engine_update": "20201027" + }, + { + "result": "a variant of Win64/Kryptik.CCG", + "method": "blacklist", + "engine_name": "ESET-NOD32", + "category": "malicious", + "engine_version": "22226", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "ViRobot", + "category": "undetected", + "engine_version": "2014.3.20.0", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Webroot", + "category": "undetected", + "engine_version": "1.0.0.403", + "engine_update": "20201028" + }, + { + "result": "Trojan.Ulise.D1F5E2", + "method": "blacklist", + "engine_name": "Arcabit", + "category": "malicious", + "engine_version": "1.0.0.881", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Avira", + "category": "undetected", + "engine_version": "8.3.3.8", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "CAT-QuickHeal", + "category": "undetected", + "engine_version": "14.00", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "Qihoo-360", + "category": "undetected", + "engine_version": "1.0.0.1120", + "engine_update": "20201028" + }, + { + "result": null, + "method": "blacklist", + "engine_name": "VBA32", + "category": "undetected", + "engine_version": "4.4.1", + "engine_update": "20201028" + } + ] + }, + "community": { + "total_votes": { + "malicious": 0, + "harmless": 0 + }, + "reputation": 0 + }, + "tags": [ + "peexe", + "assembly", + "invalid-rich-pe-linker-version", + "overlay", + "64bits", + "corrupt" + ], + "trid": [ + { + "file_type": "Windows Control Panel Item (generic)", + "probability": 82 + }, + { + "file_type": "Microsoft Visual C++ compiled executable (generic)", + "probability": 6.8 + }, + { + "file_type": "Win16 NE executable (generic)", + "probability": 5.8 + }, + { + "file_type": "Win32 Executable (generic)", + "probability": 1.8 + }, + { + "file_type": "OS/2 Executable (generic)", + "probability": 0.8 + } + ], + "notification": { + "snippet": "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\n00 19 C0 F0 00 19 C0 F0 00 18 BF F0 00 18 C0 F0 ................\n00 19 C0 F0 00 18 C0 F0 00 19 C0 F0 00 18 *begin_highlight*C0 F0*end_highlight* ..............*begin_highlight*..*end_highlight*\n*begin_highlight*00 19 C0 F0 00 19 C0 F0 01 17 B3 F0 84 88 B9 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*D2 D2 DA F0 D2 D2 DA F0 D2 D2 DB EE D2 D2 DC EA*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*D2 D2 DC E7 D1 D1 DB E1 D0 D0 DA DA CD CD D8 D3*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*CD CD D5 C7 C6 C6 D2 B6 C2 C2 CC A1 B7 B9 *end_highlight*C3 88 *begin_highlight*..............*end_highlight*..\nA9 A9 B2 68 9E 9E A6 42 9D 9D AA 15 00 00 00 00 ...h...B........\n00 19 C0 F0 00 19 C0 F0 00 18 BF F0 00 18 C0 F0 ................\n00 19 C0 F0 00 18 C0 F0 00 19 C0 F0 00 18 *begin_highlight*C0 F0*end_highlight* ..............*begin_highlight*..*end_highlight*\n*begin_highlight*00 19 C0 F0 00 19 C0 F0 01 17 B3 F0 84 88 B9 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*D2 D2 DA F0 D2 D2 DA F0 D2 D2 DB EE D2 D2 DC EA*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*D2 D2 DC E7 D1 D1 DB E1 D0 D0 DA DA CD CD D8 D3*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*CD CD D5 C7 C6 C6 D2 B6 C2 C2 CC A1 B7 B9 *end_highlight*C3 88 *begin_highlight*..............*end_highlight*..\nA9 A9 B2 68 9E 9E A6 42 9D 9D AA 15 00 00 00 00 ...h...B........\n00 19 C0 F0 00 19 C0 F0 00 18 BF F0 00 18 C0 F0 ................\n00 19 C0 F0 00 18 C0 F0 00 19 C0 F0 00 18 *begin_highlight*C0 F0*end_highlight* ..............*begin_highlight*..*end_highlight*\n*begin_highlight*00 19 C0 F0 00 19 C0 F0 01 17 B3 F0 84 88 B9 F0*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*D2 D2 DA F0 D2 D2 DA F0 D2 D2 DB EE D2 D2 DC EA*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*D2 D2 DC E7 D1 D1 DB E1 D0 D0 DA DA CD CD D8 D3*end_highlight* *begin_highlight*................*end_highlight*\n*begin_highlight*CD CD D5 C7 C6 C6 D2 B6 C2 C2 CC A1 B7 B9 *end_highlight*C3 88 *begin_highlight*..............*end_highlight*..\nA9 A9 B2 68 9E 9E A6 42 9D 9D AA 15 00 00 00 00 ...h...B........", + "date": "2020-10-28T18:27:06.000Z", + "tags": [ + "ia_dev", + "malware_bazarloader", + "59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db" + ] + }, + "submission": { + "submission_count": 1, + "first_submitted": "2020-10-28T16:58:43.000Z", + "source": { + "geo": { + "country_iso_code": "DE" + }, + "key": "ff6c528f" + }, + "last_submitted": "2020-10-28T16:58:43.000Z", + "unique_sources": 1 + }, + "attributes": { + "signature_info": { + "x509": [ + { + "valid from": "2003-12-04 00:00:00", + "serial number": "47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4", + "valid_usage": "Timestamp Signing", + "valid to": "2013-12-03 23:59:59", + "name": "VeriSign Time Stamping Services CA", + "thumbprint": "F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D", + "cert issuer": "Thawte Timestamping CA", + "algorithm": "sha1RSA" + }, + { + "serial number": "0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88", + "valid from": "2003-12-04 00:00:00", + "valid_usage": "ff", + "valid to": "2008-12-03 23:59:59", + "name": "VeriSign Time Stamping Services Signer", + "thumbprint": "817E78267300CB0FE5D631357851DB366123A690", + "cert issuer": "VeriSign Time Stamping Services CA", + "algorithm": "sha1RSA" + }, + { + "serial number": "C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40", + "valid from": "1997-01-10 07:00:00", + "valid_usage": null, + "valid to": "2020-12-31 07:00:00", + "name": "Microsoft Root Authority", + "thumbprint": "A43489159A520F0D93D032CCAF37E7FE20A8B419", + "cert issuer": "Microsoft Root Authority", + "algorithm": "md5RSA" + }, + { + "serial number": "6A 0B 99 4F C0 00 0C AB 11 D8 22 EF 7D 6C 79 7E", + "valid from": "2002-05-23 08:00:00", + "valid_usage": "Code Signing", + "valid to": "2011-09-25 08:00:00", + "name": "Microsoft Code Signing PCA", + "thumbprint": "B04EDD83D679F4081BC1D2BDBC5F6B3BE5C64C3E", + "cert issuer": "Microsoft Root Authority", + "algorithm": "md5RSA" + }, + { + "serial number": "61 05 87 58 00 03 00 00 00 5A", + "valid from": "2005-01-05 23:20:19", + "valid_usage": "Code Signing", + "valid to": "2006-04-05 23:30:19", + "name": "Microsoft Corporation", + "thumbprint": "A25800BB7577F5854B3823B82228D94140D0244E", + "cert issuer": "Microsoft Code Signing PCA", + "algorithm": "sha1RSA" + } + ] + } + }, + "id": "59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db", + "last_modified": "2020-10-28T17:01:25.000Z", + "type_description": "Win32 EXE", + "hash": { + "vhash": "056076655d65651515015z6100c56z150d5za0600df3z1157z" + } + }, + "event": { + "reference": "https://www.virustotal.com/gui/file/59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db", + "ingested": "2020-10-28T18:28:11.622912253Z", + "original": "{\"attributes\":{\"authentihash\":\"8addb5cf586206d0a1d6cdaf140f9a152d598923a3fe057f0317e9a2648f1d0f\",\"capabilities_tags\":[\"network_tcp_socket\",\"network_tcp_listen\",\"screenshot\",\"win_mutex\",\"keylogger\",\"str_win32_winsock2_library\",\"win_registry\",\"win_files_operation\"],\"creation_date\":1603722981,\"downloadable\":true,\"exiftool\":{\"CodeSize\":\"2353664\",\"EntryPoint\":\"0x1b8a50\",\"FileType\":\"Win64 EXE\",\"FileTypeExtension\":\"exe\",\"ImageFileCharacteristics\":\"Executable, Large address aware\",\"ImageVersion\":\"0.0\",\"InitializedDataSize\":\"6767104\",\"LinkerVersion\":\"14.27\",\"MIMEType\":\"application/octet-stream\",\"MachineType\":\"AMD AMD64\",\"OSVersion\":\"6.0\",\"PEType\":\"PE32+\",\"Subsystem\":\"Windows GUI\",\"SubsystemVersion\":\"6.0\",\"TimeStamp\":\"2020:10:26 14:36:21+00:00\",\"UninitializedDataSize\":\"0\"},\"first_submission_date\":1603904323,\"last_analysis_date\":1603904323,\"last_analysis_results\":{\"ALYac\":{\"category\":\"undetected\",\"engine_name\":\"ALYac\",\"engine_update\":\"20201028\",\"engine_version\":\"1.1.1.5\",\"method\":\"blacklist\",\"result\":null},\"APEX\":{\"category\":\"undetected\",\"engine_name\":\"APEX\",\"engine_update\":\"20201028\",\"engine_version\":\"6.90\",\"method\":\"blacklist\",\"result\":null},\"AVG\":{\"category\":\"undetected\",\"engine_name\":\"AVG\",\"engine_update\":\"20201028\",\"engine_version\":\"18.4.3895.0\",\"method\":\"blacklist\",\"result\":null},\"Acronis\":{\"category\":\"undetected\",\"engine_name\":\"Acronis\",\"engine_update\":\"20201023\",\"engine_version\":\"1.1.1.80\",\"method\":\"blacklist\",\"result\":null},\"Ad-Aware\":{\"category\":\"malicious\",\"engine_name\":\"Ad-Aware\",\"engine_update\":\"20201028\",\"engine_version\":\"3.0.16.117\",\"method\":\"blacklist\",\"result\":\"Gen:Variant.Ulise.128482\"},\"AegisLab\":{\"category\":\"undetected\",\"engine_name\":\"AegisLab\",\"engine_update\":\"20201028\",\"engine_version\":\"4.2\",\"method\":\"blacklist\",\"result\":null},\"AhnLab-V3\":{\"category\":\"undetected\",\"engine_name\":\"AhnLab-V3\",\"engine_update\":\"20201028\",\"engine_version\":\"3.18.2.10046\",\"method\":\"blacklist\",\"result\":null},\"Alibaba\":{\"category\":\"undetected\",\"engine_name\":\"Alibaba\",\"engine_update\":\"20190527\",\"engine_version\":\"0.3.0.5\",\"method\":\"blacklist\",\"result\":null},\"Antiy-AVL\":{\"category\":\"undetected\",\"engine_name\":\"Antiy-AVL\",\"engine_update\":\"20201028\",\"engine_version\":\"3.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"Arcabit\":{\"category\":\"malicious\",\"engine_name\":\"Arcabit\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.881\",\"method\":\"blacklist\",\"result\":\"Trojan.Ulise.D1F5E2\"},\"Avast\":{\"category\":\"undetected\",\"engine_name\":\"Avast\",\"engine_update\":\"20201028\",\"engine_version\":\"18.4.3895.0\",\"method\":\"blacklist\",\"result\":null},\"Avast-Mobile\":{\"category\":\"type-unsupported\",\"engine_name\":\"Avast-Mobile\",\"engine_update\":\"20201028\",\"engine_version\":\"201028-00\",\"method\":\"blacklist\",\"result\":null},\"Avira\":{\"category\":\"undetected\",\"engine_name\":\"Avira\",\"engine_update\":\"20201028\",\"engine_version\":\"8.3.3.8\",\"method\":\"blacklist\",\"result\":null},\"Baidu\":{\"category\":\"undetected\",\"engine_name\":\"Baidu\",\"engine_update\":\"20190318\",\"engine_version\":\"1.0.0.2\",\"method\":\"blacklist\",\"result\":null},\"BitDefender\":{\"category\":\"malicious\",\"engine_name\":\"BitDefender\",\"engine_update\":\"20201028\",\"engine_version\":\"7.2\",\"method\":\"blacklist\",\"result\":\"Gen:Variant.Ulise.128482\"},\"BitDefenderTheta\":{\"category\":\"undetected\",\"engine_name\":\"BitDefenderTheta\",\"engine_update\":\"20201023\",\"engine_version\":\"7.2.37796.0\",\"method\":\"blacklist\",\"result\":null},\"Bkav\":{\"category\":\"undetected\",\"engine_name\":\"Bkav\",\"engine_update\":\"20201027\",\"engine_version\":\"1.3.0.9899\",\"method\":\"blacklist\",\"result\":null},\"CAT-QuickHeal\":{\"category\":\"undetected\",\"engine_name\":\"CAT-QuickHeal\",\"engine_update\":\"20201028\",\"engine_version\":\"14.00\",\"method\":\"blacklist\",\"result\":null},\"CMC\":{\"category\":\"undetected\",\"engine_name\":\"CMC\",\"engine_update\":\"20201028\",\"engine_version\":\"2.7.2019.1\",\"method\":\"blacklist\",\"result\":null},\"ClamAV\":{\"category\":\"undetected\",\"engine_name\":\"ClamAV\",\"engine_update\":\"20201028\",\"engine_version\":\"0.102.3.0\",\"method\":\"blacklist\",\"result\":null},\"Comodo\":{\"category\":\"undetected\",\"engine_name\":\"Comodo\",\"engine_update\":\"20201028\",\"engine_version\":\"32937\",\"method\":\"blacklist\",\"result\":null},\"CrowdStrike\":{\"category\":\"undetected\",\"engine_name\":\"CrowdStrike\",\"engine_update\":\"20190702\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Cybereason\":{\"category\":\"undetected\",\"engine_name\":\"Cybereason\",\"engine_update\":\"20190616\",\"engine_version\":\"1.2.449\",\"method\":\"blacklist\",\"result\":null},\"Cylance\":{\"category\":\"undetected\",\"engine_name\":\"Cylance\",\"engine_update\":\"20201028\",\"engine_version\":\"2.3.1.101\",\"method\":\"blacklist\",\"result\":null},\"Cynet\":{\"category\":\"undetected\",\"engine_name\":\"Cynet\",\"engine_update\":\"20201028\",\"engine_version\":\"4.0.0.24\",\"method\":\"blacklist\",\"result\":null},\"Cyren\":{\"category\":\"malicious\",\"engine_name\":\"Cyren\",\"engine_update\":\"20201028\",\"engine_version\":\"6.3.0.2\",\"method\":\"blacklist\",\"result\":\"W64/Trojan.AUNU-7047\"},\"DrWeb\":{\"category\":\"undetected\",\"engine_name\":\"DrWeb\",\"engine_update\":\"20201028\",\"engine_version\":\"7.0.49.9080\",\"method\":\"blacklist\",\"result\":null},\"ESET-NOD32\":{\"category\":\"malicious\",\"engine_name\":\"ESET-NOD32\",\"engine_update\":\"20201028\",\"engine_version\":\"22226\",\"method\":\"blacklist\",\"result\":\"a variant of Win64/Kryptik.CCG\"},\"Elastic\":{\"category\":\"undetected\",\"engine_name\":\"Elastic\",\"engine_update\":\"20201012\",\"engine_version\":\"4.0.11\",\"method\":\"blacklist\",\"result\":null},\"Emsisoft\":{\"category\":\"malicious\",\"engine_name\":\"Emsisoft\",\"engine_update\":\"20201028\",\"engine_version\":\"2018.12.0.1641\",\"method\":\"blacklist\",\"result\":\"Gen:Variant.Ulise.128482 (B)\"},\"F-Secure\":{\"category\":\"undetected\",\"engine_name\":\"F-Secure\",\"engine_update\":\"20201028\",\"engine_version\":\"12.0.86.52\",\"method\":\"blacklist\",\"result\":null},\"FireEye\":{\"category\":\"malicious\",\"engine_name\":\"FireEye\",\"engine_update\":\"20201028\",\"engine_version\":\"32.36.1.0\",\"method\":\"blacklist\",\"result\":\"Gen:Variant.Ulise.128482\"},\"Fortinet\":{\"category\":\"malicious\",\"engine_name\":\"Fortinet\",\"engine_update\":\"20201028\",\"engine_version\":\"6.2.142.0\",\"method\":\"blacklist\",\"result\":\"W64/Kryptik.CCG!tr\"},\"GData\":{\"category\":\"malicious\",\"engine_name\":\"GData\",\"engine_update\":\"20201028\",\"engine_version\":\"A:25.27523B:27.20682\",\"method\":\"blacklist\",\"result\":\"Gen:Variant.Ulise.128482\"},\"Ikarus\":{\"category\":\"undetected\",\"engine_name\":\"Ikarus\",\"engine_update\":\"20201028\",\"engine_version\":\"0.1.5.2\",\"method\":\"blacklist\",\"result\":null},\"Invincea\":{\"category\":\"undetected\",\"engine_name\":\"Invincea\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.1.0\",\"method\":\"blacklist\",\"result\":null},\"Jiangmin\":{\"category\":\"undetected\",\"engine_name\":\"Jiangmin\",\"engine_update\":\"20201028\",\"engine_version\":\"16.0.100\",\"method\":\"blacklist\",\"result\":null},\"K7AntiVirus\":{\"category\":\"undetected\",\"engine_name\":\"K7AntiVirus\",\"engine_update\":\"20201028\",\"engine_version\":\"11.148.35577\",\"method\":\"blacklist\",\"result\":null},\"K7GW\":{\"category\":\"undetected\",\"engine_name\":\"K7GW\",\"engine_update\":\"20201028\",\"engine_version\":\"11.148.35577\",\"method\":\"blacklist\",\"result\":null},\"Kaspersky\":{\"category\":\"undetected\",\"engine_name\":\"Kaspersky\",\"engine_update\":\"20201028\",\"engine_version\":\"15.0.1.13\",\"method\":\"blacklist\",\"result\":null},\"Kingsoft\":{\"category\":\"undetected\",\"engine_name\":\"Kingsoft\",\"engine_update\":\"20201028\",\"engine_version\":\"2013.8.14.323\",\"method\":\"blacklist\",\"result\":null},\"MAX\":{\"category\":\"malicious\",\"engine_name\":\"MAX\",\"engine_update\":\"20201028\",\"engine_version\":\"2019.9.16.1\",\"method\":\"blacklist\",\"result\":\"malware (ai score=86)\"},\"Malwarebytes\":{\"category\":\"undetected\",\"engine_name\":\"Malwarebytes\",\"engine_update\":\"20201028\",\"engine_version\":\"3.6.4.335\",\"method\":\"blacklist\",\"result\":null},\"MaxSecure\":{\"category\":\"undetected\",\"engine_name\":\"MaxSecure\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"McAfee\":{\"category\":\"undetected\",\"engine_name\":\"McAfee\",\"engine_update\":\"20201028\",\"engine_version\":\"6.0.6.653\",\"method\":\"blacklist\",\"result\":null},\"McAfee-GW-Edition\":{\"category\":\"undetected\",\"engine_name\":\"McAfee-GW-Edition\",\"engine_update\":\"20201028\",\"engine_version\":\"v2019.1.2+3728\",\"method\":\"blacklist\",\"result\":null},\"MicroWorld-eScan\":{\"category\":\"malicious\",\"engine_name\":\"MicroWorld-eScan\",\"engine_update\":\"20201028\",\"engine_version\":\"14.0.409.0\",\"method\":\"blacklist\",\"result\":\"Gen:Variant.Ulise.128482\"},\"Microsoft\":{\"category\":\"undetected\",\"engine_name\":\"Microsoft\",\"engine_update\":\"20201028\",\"engine_version\":\"1.1.17500.4\",\"method\":\"blacklist\",\"result\":null},\"NANO-Antivirus\":{\"category\":\"undetected\",\"engine_name\":\"NANO-Antivirus\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.146.25233\",\"method\":\"blacklist\",\"result\":null},\"Paloalto\":{\"category\":\"undetected\",\"engine_name\":\"Paloalto\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Panda\":{\"category\":\"undetected\",\"engine_name\":\"Panda\",\"engine_update\":\"20201028\",\"engine_version\":\"4.6.4.2\",\"method\":\"blacklist\",\"result\":null},\"Qihoo-360\":{\"category\":\"undetected\",\"engine_name\":\"Qihoo-360\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1120\",\"method\":\"blacklist\",\"result\":null},\"Rising\":{\"category\":\"undetected\",\"engine_name\":\"Rising\",\"engine_update\":\"20201028\",\"engine_version\":\"25.0.0.26\",\"method\":\"blacklist\",\"result\":null},\"SUPERAntiSpyware\":{\"category\":\"undetected\",\"engine_name\":\"SUPERAntiSpyware\",\"engine_update\":\"20201023\",\"engine_version\":\"5.6.0.1032\",\"method\":\"blacklist\",\"result\":null},\"Sangfor\":{\"category\":\"undetected\",\"engine_name\":\"Sangfor\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"SentinelOne\":{\"category\":\"undetected\",\"engine_name\":\"SentinelOne\",\"engine_update\":\"20201008\",\"engine_version\":\"4.5.0.1\",\"method\":\"blacklist\",\"result\":null},\"Sophos\":{\"category\":\"undetected\",\"engine_name\":\"Sophos\",\"engine_update\":\"20201028\",\"engine_version\":\"4.98.0\",\"method\":\"blacklist\",\"result\":null},\"Symantec\":{\"category\":\"undetected\",\"engine_name\":\"Symantec\",\"engine_update\":\"20201028\",\"engine_version\":\"1.13.0.0\",\"method\":\"blacklist\",\"result\":null},\"SymantecMobileInsight\":{\"category\":\"type-unsupported\",\"engine_name\":\"SymantecMobileInsight\",\"engine_update\":\"20200813\",\"engine_version\":\"2.0\",\"method\":\"blacklist\",\"result\":null},\"TACHYON\":{\"category\":\"undetected\",\"engine_name\":\"TACHYON\",\"engine_update\":\"20201028\",\"engine_version\":\"2020-10-28.02\",\"method\":\"blacklist\",\"result\":null},\"Tencent\":{\"category\":\"undetected\",\"engine_name\":\"Tencent\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.1\",\"method\":\"blacklist\",\"result\":null},\"TotalDefense\":{\"category\":\"undetected\",\"engine_name\":\"TotalDefense\",\"engine_update\":\"20201028\",\"engine_version\":\"37.1.62.1\",\"method\":\"blacklist\",\"result\":null},\"Trapmine\":{\"category\":\"type-unsupported\",\"engine_name\":\"Trapmine\",\"engine_update\":\"20200727\",\"engine_version\":\"3.5.0.1023\",\"method\":\"blacklist\",\"result\":null},\"TrendMicro\":{\"category\":\"malicious\",\"engine_name\":\"TrendMicro\",\"engine_update\":\"20201028\",\"engine_version\":\"11.0.0.1006\",\"method\":\"blacklist\",\"result\":\"Trojan.Win64.BAZALOADER.SM\"},\"TrendMicro-HouseCall\":{\"category\":\"malicious\",\"engine_name\":\"TrendMicro-HouseCall\",\"engine_update\":\"20201028\",\"engine_version\":\"10.0.0.1040\",\"method\":\"blacklist\",\"result\":\"Trojan.Win64.BAZALOADER.SM\"},\"Trustlook\":{\"category\":\"type-unsupported\",\"engine_name\":\"Trustlook\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"VBA32\":{\"category\":\"undetected\",\"engine_name\":\"VBA32\",\"engine_update\":\"20201028\",\"engine_version\":\"4.4.1\",\"method\":\"blacklist\",\"result\":null},\"VIPRE\":{\"category\":\"undetected\",\"engine_name\":\"VIPRE\",\"engine_update\":\"20201028\",\"engine_version\":\"87772\",\"method\":\"blacklist\",\"result\":null},\"ViRobot\":{\"category\":\"undetected\",\"engine_name\":\"ViRobot\",\"engine_update\":\"20201028\",\"engine_version\":\"2014.3.20.0\",\"method\":\"blacklist\",\"result\":null},\"Webroot\":{\"category\":\"undetected\",\"engine_name\":\"Webroot\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0.0.403\",\"method\":\"blacklist\",\"result\":null},\"Yandex\":{\"category\":\"undetected\",\"engine_name\":\"Yandex\",\"engine_update\":\"20201028\",\"engine_version\":\"5.5.2.24\",\"method\":\"blacklist\",\"result\":null},\"Zillya\":{\"category\":\"undetected\",\"engine_name\":\"Zillya\",\"engine_update\":\"20201028\",\"engine_version\":\"2.0.0.4209\",\"method\":\"blacklist\",\"result\":null},\"ZoneAlarm\":{\"category\":\"undetected\",\"engine_name\":\"ZoneAlarm\",\"engine_update\":\"20201028\",\"engine_version\":\"1.0\",\"method\":\"blacklist\",\"result\":null},\"Zoner\":{\"category\":\"undetected\",\"engine_name\":\"Zoner\",\"engine_update\":\"20201027\",\"engine_version\":\"0.0.0.0\",\"method\":\"blacklist\",\"result\":null},\"eGambit\":{\"category\":\"undetected\",\"engine_name\":\"eGambit\",\"engine_update\":\"20201028\",\"engine_version\":null,\"method\":\"blacklist\",\"result\":null}},\"last_analysis_stats\":{\"confirmed-timeout\":0,\"failure\":0,\"harmless\":0,\"malicious\":13,\"suspicious\":0,\"timeout\":0,\"type-unsupported\":4,\"undetected\":58},\"last_modification_date\":1603904485,\"last_submission_date\":1603904323,\"magic\":\"PE32+ executable for MS Windows (GUI) Mono/.Net assembly\",\"md5\":\"56f2bb418e3aa2acd38851e89cf5937b\",\"names\":[],\"pe_info\":{\"compiler_product_versions\":[\"id: 259, version: 27412 count=18\",\"id: 253, version: 23601 count=2\",\"id: 260, version: 27412 count=36\",\"id: 261, version: 27412 count=208\",\"id: 262, version: 27412 count=1\",\"id: 257, version: 27412 count=35\",\"[---] Unmarked objects count=841\",\"id: 260, version: 28920 count=18\",\"id: 259, version: 28920 count=11\",\"id: 261, version: 28920 count=466\",\"id: 261, version: 29111 count=15\",\"id: 255, version: 29111 count=1\",\"id: 151, version: 0 count=1\",\"id: 258, version: 29111 count=1\"],\"debug\":[{\"codeview\":{\"age\":1,\"guid\":\"27c35118-a280-4f8d-9ffa-5bfa164986c3\",\"name\":\"B:\\\\23.10.20\\\\natchat-master\\\\natchat-master\\\\x64\\\\Release\\\\natchat.pdb\",\"signature\":\"RSDS\"},\"offset\":2848180,\"size\":90,\"timestamp\":\"Mon Oct 26 14:36:21 2020\",\"type\":2,\"type_str\":\"IMAGE_DEBUG_TYPE_CODEVIEW\"},{\"offset\":2848272,\"size\":20,\"timestamp\":\"Mon Oct 26 14:36:21 2020\",\"type\":12,\"type_str\":\"IMAGE_DEBUG_TYPE_VC_FEATURE\"},{\"offset\":2848292,\"size\":984,\"timestamp\":\"Mon Oct 26 14:36:21 2020\",\"type\":13,\"type_str\":\"IMAGE_DEBUG_TYPE_POGO\"}],\"entry_point\":1804880,\"imphash\":\"68477125a486ea0db1018d0cc1b74711\",\"import_list\":[{\"imported_functions\":[\"GdipBitmapLockBits\",\"GdipGetImagePixelFormat\",\"GdipCreateBitmapFromScan0\",\"GdiplusShutdown\",\"GdipGetImagePalette\",\"GdipDisposeImage\",\"GdipBitmapUnlockBits\",\"GdiplusStartup\",\"GdipDeleteGraphics\",\"GdipCreateBitmapFromStream\",\"GdipCreateFromHDC\",\"GdipGetImageWidth\",\"GdipCreateBitmapFromHBITMAP\",\"GdipAlloc\",\"GdipGetImagePaletteSize\",\"GdipDrawImageI\",\"GdipDrawImageRectI\",\"GdipSetInterpolationMode\",\"GdipFree\",\"GdipGetImageHeight\",\"GdipCloneImage\",\"GdipGetImageGraphicsContext\"],\"library_name\":\"gdiplus.dll\"},{\"imported_functions\":[\"TransparentBlt\",\"AlphaBlend\"],\"library_name\":\"MSIMG32.dll\"},{\"imported_functions\":[\"GetStdHandle\",\"GetConsoleOutputCP\",\"InterlockedPopEntrySList\",\"DeactivateActCtx\",\"WaitForSingleObject\",\"SetEndOfFile\",\"SignalObjectAndWait\",\"CreateTimerQueue\",\"GetFileAttributesW\",\"lstrcmpW\",\"SystemTimeToTzSpecificLocalTime\",\"DeleteCriticalSection\",\"GetCurrentProcess\",\"GetConsoleMode\",\"LocalAlloc\",\"UnhandledExceptionFilter\",\"SetFilePointer\",\"SetErrorMode\",\"GetSystemDirectoryW\",\"FreeEnvironmentStringsW\",\"InitializeSListHead\",\"FileTimeToSystemTime\",\"GetLocaleInfoW\",\"SetStdHandle\",\"GetFileTime\",\"GetCPInfo\",\"FindResourceExW\",\"FormatMessageW\",\"GetSystemTimeAsFileTime\",\"GetCommandLineA\",\"GetThreadTimes\",\"HeapReAlloc\",\"GetStringTypeW\",\"FindActCtxSectionStringW\",\"FreeLibrary\",\"LocalFree\",\"GetProfileIntW\",\"GetThreadPriority\",\"FreeLibraryAndExitThread\",\"InitializeCriticalSection\",\"OutputDebugStringW\",\"GlobalHandle\",\"VirtualAllocExNuma\",\"FindClose\",\"TlsGetValue\",\"GetFullPathNameW\",\"QueueUserWorkItem\",\"EncodePointer\",\"OutputDebugStringA\",\"GetCurrentThread\",\"InterlockedPushEntrySList\",\"SetLastError\",\"GetUserDefaultUILanguage\",\"GetCurrentDirectoryW\",\"GlobalFindAtomW\",\"LoadResource\",\"InitOnceComplete\",\"TryEnterCriticalSection\",\"IsDebuggerPresent\",\"ExitProcess\",\"InitializeCriticalSectionEx\",\"VerSetConditionMask\",\"GetSystemDefaultUILanguage\",\"CreateActCtxW\",\"SetThreadPriority\",\"ActivateActCtx\",\"RtlVirtualUnwind\",\"EnumSystemLocalesW\",\"LoadLibraryExW\",\"MultiByteToWideChar\",\"VerifyVersionInfoW\",\"SetFilePointerEx\",\"DeleteTimerQueueTimer\",\"GetPrivateProfileStringW\",\"RegisterWaitForSingleObject\",\"GlobalAddAtomW\",\"CreateThread\",\"SetEnvironmentVariableW\",\"InterlockedFlushSList\",\"SetUnhandledExceptionFilter\",\"MulDiv\",\"IsProcessorFeaturePresent\",\"ExitThread\",\"DecodePointer\",\"InitOnceBeginInitialize\",\"TerminateProcess\",\"SearchPathW\",\"GetModuleHandleExW\",\"GlobalUnlock\",\"GlobalAlloc\",\"ChangeTimerQueueTimer\",\"CreateEventW\",\"ReadConsoleW\",\"GetCurrentThreadId\",\"GetProcAddress\",\"WriteConsoleW\",\"InitializeCriticalSectionAndSpinCount\",\"HeapFree\",\"EnterCriticalSection\",\"LoadLibraryW\",\"GetLastError\",\"GetVersionExW\",\"GetOEMCP\",\"QueryPerformanceCounter\",\"GetTickCount\",\"TlsAlloc\",\"VirtualProtect\",\"FlushFileBuffers\",\"lstrcmpiW\",\"RtlUnwind\",\"CopyFileW\",\"GlobalSize\",\"UnlockFile\",\"RtlPcToFileHeader\",\"GetWindowsDirectoryW\",\"GetFileSize\",\"GlobalDeleteAtom\",\"GetDateFormatW\",\"GetStartupInfoW\",\"SetEvent\",\"DeleteFileW\",\"GetUserDefaultLCID\",\"GetPrivateProfileIntW\",\"GetProcessHeap\",\"GetTempFileNameW\",\"QueryDepthSList\",\"GetTimeFormatW\",\"WriteFile\",\"GetFileSizeEx\",\"GlobalReAlloc\",\"GetModuleFileNameW\",\"lstrcmpA\",\"FindNextFileW\",\"RtlLookupFunctionEntry\",\"ResetEvent\",\"CreateTimerQueueTimer\",\"FindResourceW\",\"FindFirstFileW\",\"IsValidLocale\",\"DuplicateHandle\",\"FindFirstFileExW\",\"RtlUnwindEx\",\"GetProcessAffinityMask\",\"GetTimeZoneInformation\",\"CreateFileW\",\"GetFileType\",\"TlsSetValue\",\"HeapAlloc\",\"LeaveCriticalSection\",\"GlobalGetAtomNameW\",\"LocalReAlloc\",\"LCMapStringW\",\"GetSystemInfo\",\"GlobalFree\",\"ResumeThread\",\"UnregisterWaitEx\",\"CompareStringW\",\"GetVolumeInformationW\",\"GetEnvironmentStringsW\",\"lstrcpyW\",\"WaitForSingleObjectEx\",\"LockFile\",\"SwitchToThread\",\"SizeofResource\",\"UnregisterWait\",\"GetCurrentProcessId\",\"LockResource\",\"GetCommandLineW\",\"HeapQueryInformation\",\"WideCharToMultiByte\",\"HeapSize\",\"QueryActCtxW\",\"RaiseException\",\"SetThreadAffinityMask\",\"WritePrivateProfileStringW\",\"QueryPerformanceFrequency\",\"ReleaseSemaphore\",\"TlsFree\",\"GetModuleHandleA\",\"ReadFile\",\"GlobalFlags\",\"RtlCaptureContext\",\"CloseHandle\",\"GetACP\",\"GlobalLock\",\"GetModuleHandleW\",\"FreeResource\",\"FileTimeToLocalFileTime\",\"GetFileAttributesExW\",\"GetLogicalProcessorInformation\",\"GetNumaHighestNodeNumber\",\"IsValidCodePage\",\"GetTempPathW\",\"VirtualQuery\",\"VirtualFree\",\"Sleep\",\"VirtualAlloc\"],\"library_name\":\"KERNEL32.dll\"},{\"imported_functions\":[\"IsAppThemed\",\"GetThemeSysColor\",\"GetThemeColor\",\"GetCurrentThemeName\",\"DrawThemeText\",\"OpenThemeData\",\"DrawThemeParentBackground\",\"CloseThemeData\",\"DrawThemeBackground\",\"GetWindowTheme\",\"IsThemeBackgroundPartiallyTransparent\",\"GetThemePartSize\"],\"library_name\":\"UxTheme.dll\"},{\"imported_functions\":[\"VariantChangeType\",\"VariantTimeToSystemTime\",\"SysStringLen\",\"SystemTimeToVariantTime\",\"SysAllocStringLen\",\"VarBstrFromDate\",\"VariantClear\",\"SysAllocString\",\"VariantCopy\",\"OleLoadPicture\",\"LoadTypeLib\",\"SysFreeString\",\"VariantInit\"],\"library_name\":\"OLEAUT32.dll\"},{\"imported_functions\":[\"DragQueryFileW\",\"SHBrowseForFolderW\",\"ShellExecuteW\",\"SHGetPathFromIDListW\",\"SHGetSpecialFolderLocation\",\"SHAppBarMessage\",\"SHGetFileInfoW\",\"SHGetDesktopFolder\",\"SHGetMalloc\",\"DragFinish\"],\"library_name\":\"SHELL32.dll\"},{\"imported_functions\":[\"CreateStdAccessibleObject\",\"AccessibleObjectFromWindow\",\"LresultFromObject\"],\"library_name\":\"OLEACC.dll\"},{\"imported_functions\":[\"PlaySoundW\"],\"library_name\":\"WINMM.dll\"},{\"imported_functions\":[\"GetTextMetricsW\",\"SetMapMode\",\"GetWindowOrgEx\",\"GetPaletteEntries\",\"CombineRgn\",\"GetViewportOrgEx\",\"GetObjectType\",\"GetBoundsRect\",\"SetLayout\",\"SetPixel\",\"SetPixelV\",\"DeleteObject\",\"IntersectClipRect\",\"OffsetWindowOrgEx\",\"CreateEllipticRgn\",\"GetTextFaceW\",\"CreatePalette\",\"CreateDIBitmap\",\"SetTextAlign\",\"StretchBlt\",\"ScaleViewportExtEx\",\"SetWindowExtEx\",\"SetBkColor\",\"GetBkColor\",\"SetRectRgn\",\"GetTextCharsetInfo\",\"TextOutW\",\"CreateFontIndirectW\",\"OffsetRgn\",\"CreateRectRgnIndirect\",\"LPtoDP\",\"GetPixel\",\"GetLayout\",\"ExcludeClipRect\",\"OffsetViewportOrgEx\",\"SetBkMode\",\"EnumFontFamiliesW\",\"PtInRegion\",\"BitBlt\",\"FillRgn\",\"FrameRgn\",\"SelectPalette\",\"PtVisible\",\"ExtSelectClipRgn\",\"ScaleWindowExtEx\",\"SetROP2\",\"GetNearestPaletteIndex\",\"SetDIBColorTable\",\"GetTextColor\",\"Escape\",\"SetViewportExtEx\",\"GetWindowExtEx\",\"PatBlt\",\"CreatePen\",\"GetClipBox\",\"Rectangle\",\"GetDeviceCaps\",\"LineTo\",\"DeleteDC\",\"GetSystemPaletteEntries\",\"GetObjectW\",\"CreateDCW\",\"RealizePalette\",\"CreateHatchBrush\",\"CreatePatternBrush\",\"ExtTextOutW\",\"SetPaletteEntries\",\"CreateBitmap\",\"RectVisible\",\"GetStockObject\",\"SelectClipRgn\",\"RoundRect\",\"SetWindowOrgEx\",\"GetViewportExtEx\",\"GetTextExtentPoint32W\",\"CreatePolygonRgn\",\"Polygon\",\"GetRgnBox\",\"SaveDC\",\"RestoreDC\",\"CreateDIBSection\",\"SetTextColor\",\"ExtFloodFill\",\"MoveToEx\",\"EnumFontFamiliesExW\",\"SetViewportOrgEx\",\"CreateRoundRectRgn\",\"CreateCompatibleDC\",\"CreateRectRgn\",\"SelectObject\",\"SetPolyFillMode\",\"CopyMetaFileW\",\"CreateCompatibleBitmap\",\"CreateSolidBrush\",\"Polyline\",\"DPtoLP\",\"Ellipse\"],\"library_name\":\"GDI32.dll\"},{\"imported_functions\":[\"ClosePrinter\",\"DocumentPropertiesW\",\"OpenPrinterW\"],\"library_name\":\"WINSPOOL.DRV\"},{\"imported_functions\":[\"RegCreateKeyExW\",\"RegDeleteValueW\",\"RegCloseKey\",\"CryptAcquireContextA\",\"RegSetValueExW\",\"RegEnumValueW\",\"RegEnumKeyW\",\"RegEnumKeyExW\",\"CryptAcquireContextW\",\"CryptEncrypt\",\"RegOpenKeyExW\",\"RegDeleteKeyW\",\"CryptHashData\",\"RegQueryValueExW\",\"RegQueryValueW\",\"CryptCreateHash\"],\"library_name\":\"ADVAPI32.dll\"},{\"imported_functions\":[\"CoInitializeEx\",\"OleLockRunning\",\"CoCreateInstance\",\"CoInitialize\",\"CoTaskMemAlloc\",\"CoLockObjectExternal\",\"IsAccelerator\",\"CoCreateGuid\",\"RegisterDragDrop\",\"OleCreateMenuDescriptor\",\"CoUninitialize\",\"OleDestroyMenuDescriptor\",\"ReleaseStgMedium\",\"DoDragDrop\",\"RevokeDragDrop\",\"CoDisconnectObject\",\"OleGetClipboard\",\"OleDuplicateData\",\"CoTaskMemFree\",\"CreateStreamOnHGlobal\",\"OleTranslateAccelerator\"],\"library_name\":\"ole32.dll\"},{\"imported_functions\":[\"PathFindFileNameW\",\"PathRemoveFileSpecW\",\"PathIsUNCW\",\"PathFindExtensionW\",\"StrFormatKBSizeW\",\"PathStripToRootW\"],\"library_name\":\"SHLWAPI.dll\"},{\"imported_functions\":[\"connect\",\"setsockopt\",\"htons\",\"gethostname\",\"socket\",\"bind\",\"WSAStartup\",\"inet_ntop\",\"accept\",\"WSACleanup\",\"recvfrom\",\"gethostbyname\",\"WSASocketW\",\"sendto\",\"closesocket\",\"WSASetLastError\",\"inet_pton\",\"recv\",\"inet_ntoa\",\"send\",\"listen\"],\"library_name\":\"WS2_32.dll\"},{\"imported_functions\":[\"RedrawWindow\",\"GetForegroundWindow\",\"SetWindowRgn\",\"SetMenuItemBitmaps\",\"DrawTextW\",\"SetWindowLongPtrW\",\"SetRectEmpty\",\"EnableScrollBar\",\"DestroyMenu\",\"PostQuitMessage\",\"GetMessagePos\",\"DrawStateW\",\"SetWindowPos\",\"GetNextDlgTabItem\",\"IsWindow\",\"GrayStringW\",\"EndPaint\",\"WindowFromPoint\",\"DrawIcon\",\"GetMessageTime\",\"SetMenuItemInfoW\",\"SetActiveWindow\",\"GetDC\",\"GetAsyncKeyState\",\"MapDialogRect\",\"GetDlgCtrlID\",\"GetMenu\",\"UnregisterClassW\",\"GetClientRect\",\"DefWindowProcW\",\"SetMenuDefaultItem\",\"SetScrollPos\",\"CallNextHookEx\",\"IsClipboardFormatAvailable\",\"LoadImageW\",\"GetKeyboardState\",\"GetActiveWindow\",\"OpenClipboard\",\"GetWindowTextW\",\"RegisterClipboardFormatW\",\"CopyAcceleratorTableW\",\"GetWindowTextLengthW\",\"LoadAcceleratorsW\",\"ScrollWindow\",\"GetKeyState\",\"TrackMouseEvent\",\"DrawEdge\",\"GetParent\",\"UpdateWindow\",\"GetPropW\",\"EqualRect\",\"GetMenuState\",\"MapVirtualKeyExW\",\"GetMessageW\",\"ShowWindow\",\"DrawFrameControl\",\"GetNextDlgGroupItem\",\"SetPropW\",\"EnumDisplayMonitors\",\"DefMDIChildProcW\",\"PeekMessageW\",\"TranslateMDISysAccel\",\"EnableWindow\",\"SetWindowPlacement\",\"CharUpperW\",\"LoadIconW\",\"GetMenuCheckMarkDimensions\",\"TranslateMessage\",\"IsWindowEnabled\",\"GetWindow\",\"GetMenuDefaultItem\",\"RegisterClassW\",\"GetIconInfo\",\"SetParent\",\"GetMenuStringW\",\"IsZoomed\",\"GetWindowPlacement\",\"DestroyWindow\",\"GetWindowLongPtrW\",\"IsCharLowerW\",\"EnableMenuItem\",\"InvertRect\",\"DrawFocusRect\",\"SetTimer\",\"GetKeyboardLayout\",\"FlashWindow\",\"MonitorFromPoint\",\"CreateAcceleratorTableW\",\"GetSysColorBrush\",\"RealChildWindowFromPoint\",\"CreateWindowExW\",\"TabbedTextOutW\",\"GetWindowLongW\",\"GetUpdateRect\",\"PtInRect\",\"IsChild\",\"DrawMenuBar\",\"MapWindowPoints\",\"RegisterWindowMessageW\",\"GetMonitorInfoW\",\"ReleaseCapture\",\"IsIconic\",\"SetClassLongPtrW\",\"BeginPaint\",\"OffsetRect\",\"SetFocus\",\"GetScrollPos\",\"CopyIcon\",\"KillTimer\",\"MapVirtualKeyW\",\"GetComboBoxInfo\",\"GetClassInfoExW\",\"ToUnicodeEx\",\"SendDlgItemMessageA\",\"GetSystemMetrics\",\"SetWindowLongW\",\"SetScrollRange\",\"GetWindowRect\",\"InflateRect\",\"SetCapture\",\"IsDialogMessageW\",\"IntersectRect\",\"PostMessageW\",\"InvalidateRect\",\"CheckDlgButton\",\"DrawTextExW\",\"WaitMessage\",\"CreatePopupMenu\",\"CheckMenuItem\",\"GetSubMenu\",\"SetClipboardData\",\"GetLastActivePopup\",\"DrawIconEx\",\"CharUpperBuffW\",\"SetWindowTextW\",\"CreateMenu\",\"GetDlgItem\",\"RemovePropW\",\"BringWindowToTop\",\"ClientToScreen\",\"GetScrollInfo\",\"TrackPopupMenu\",\"PostThreadMessageW\",\"GetMenuItemCount\",\"GetClassLongPtrW\",\"DestroyAcceleratorTable\",\"BeginDeferWindowPos\",\"ValidateRect\",\"SetWindowsHookExW\",\"LoadCursorW\",\"GetSystemMenu\",\"ReuseDDElParam\",\"GetMenuItemID\",\"InsertMenuW\",\"FillRect\",\"SetForegroundWindow\",\"NotifyWinEvent\",\"GetMenuItemInfoW\",\"GetCursorPos\",\"CreateDialogIndirectParamW\",\"ReleaseDC\",\"GetScrollRange\",\"SetLayeredWindowAttributes\",\"EndDialog\",\"ModifyMenuW\",\"HideCaret\",\"CopyRect\",\"GetCapture\",\"ScreenToClient\",\"MessageBeep\",\"LoadMenuW\",\"RemoveMenu\",\"GetWindowThreadProcessId\",\"DeferWindowPos\",\"ShowScrollBar\",\"MessageBoxW\",\"SendMessageW\",\"LockWindowUpdate\",\"UnhookWindowsHookEx\",\"MoveWindow\",\"AppendMenuW\",\"GetWindowDC\",\"DestroyCursor\",\"AdjustWindowRectEx\",\"GetSysColor\",\"DispatchMessageW\",\"SetDlgItemTextW\",\"SetScrollInfo\",\"CopyImage\",\"EndDeferWindowPos\",\"GetWindowRgn\",\"UpdateLayeredWindow\",\"GetDoubleClickTime\",\"DestroyIcon\",\"GetTopWindow\",\"DefFrameProcW\",\"ShowOwnedPopups\",\"WinHelpW\",\"LoadBitmapW\",\"EmptyClipboard\",\"GetDesktopWindow\",\"SubtractRect\",\"UnpackDDElParam\",\"SetCursorPos\",\"SystemParametersInfoW\",\"UnionRect\",\"MonitorFromWindow\",\"FrameRect\",\"SetRect\",\"DeleteMenu\",\"GetKeyNameTextW\",\"CallWindowProcW\",\"GetClassNameW\",\"GetClassInfoW\",\"IsRectEmpty\",\"IsMenu\",\"GetFocus\",\"InsertMenuItemW\",\"CloseClipboard\",\"IsWindowVisible\",\"TranslateAcceleratorW\",\"SetMenu\",\"SetCursor\"],\"library_name\":\"USER32.dll\"},{\"imported_functions\":[\"ImmReleaseContext\",\"ImmGetContext\",\"ImmGetOpenStatus\"],\"library_name\":\"IMM32.dll\"}],\"machine_type\":34404,\"overlay\":{\"chi2\":20264084,\"entropy\":3.9820261001586914,\"filetype\":\"Data\",\"md5\":\"fcdcb45989ddf2e60a97b2db03f3ba02\",\"offset\":5665280,\"size\":330992},\"resource_details\":[{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"AFX_DIALOG_LAYOUT\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"AFX_DIALOG_LAYOUT\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"AFX_DIALOG_LAYOUT\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"AFX_DIALOG_LAYOUT\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"AFX_DIALOG_LAYOUT\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"AFX_DIALOG_LAYOUT\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"GIF\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"GIF\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"GIF\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"PNG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"STYLE_XML\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"STYLE_XML\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"STYLE_XML\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"STYLE_XML\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"STYLE_XML\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_BITMAP\"},{\"chi2\":3937929,\"entropy\":3.7023355960845947,\"filetype\":\"Data\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"23c92d8e4ada85552a19b58228cacbbb237c0ce650d2f5d3a343e9fc2ff3f3f4\",\"type\":\"RT_ICON\"},{\"chi2\":3937929,\"entropy\":3.7023355960845947,\"filetype\":\"Data\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"23c92d8e4ada85552a19b58228cacbbb237c0ce650d2f5d3a343e9fc2ff3f3f4\",\"type\":\"RT_ICON\"},{\"chi2\":3937929,\"entropy\":3.7023355960845947,\"filetype\":\"Data\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"23c92d8e4ada85552a19b58228cacbbb237c0ce650d2f5d3a343e9fc2ff3f3f4\",\"type\":\"RT_ICON\"},{\"chi2\":2364152.25,\"entropy\":3.628403425216675,\"filetype\":\"Data\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"443f4da64679022e015dce490d84749ce75278dc1988fc0cf0b031c74c9de8ea\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_MENU\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_DIALOG\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_STRING\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_ACCELERATOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_CURSOR\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":1669.60009765625,\"entropy\":1.9804819822311401,\"filetype\":\"ASCII text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":1567.2001953125,\"entropy\":2.160964012145996,\"filetype\":\"ASCII text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"12598188b44d76a8828aa7a8211c4c1bfa8093f617928f5c8f3da9cd81a42d64\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":1567.2001953125,\"entropy\":2.160964012145996,\"filetype\":\"ASCII text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"c5ed0d15770e8cd7fb0d5796315496756f297460843dab62de0bea7c3cfea703\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_GROUP_ICON\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_VERSION\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"ENGLISH US\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"RT_MANIFEST\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"Struct(241)\"},{\"chi2\":-1,\"entropy\":0,\"filetype\":\"English text\",\"lang\":\"CHINESE SIMPLIFIED\",\"sha256\":\"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\",\"type\":\"Struct(241)\"}],\"resource_langs\":{\"CHINESE SIMPLIFIED\":760,\"ENGLISH US\":1},\"resource_types\":{\"AFX_DIALOG_LAYOUT\":6,\"GIF\":3,\"PNG\":553,\"RT_ACCELERATOR\":1,\"RT_BITMAP\":46,\"RT_CURSOR\":28,\"RT_DIALOG\":29,\"RT_GROUP_CURSOR\":27,\"RT_GROUP_ICON\":10,\"RT_ICON\":18,\"RT_MANIFEST\":1,\"RT_MENU\":1,\"RT_STRING\":30,\"RT_VERSION\":1,\"STYLE_XML\":5,\"Struct(241)\":2},\"rich_pe_header_hash\":\"fab25d91a463935a05c0f72e536aeb83\",\"sections\":[{\"chi2\":17140224,\"entropy\":6.37,\"flags\":\"rx\",\"md5\":\"97842f7d2072a1cb0812f58778bb3865\",\"name\":\".text\",\"raw_size\":2353664,\"virtual_address\":4096,\"virtual_size\":2353504},{\"chi2\":33604536,\"entropy\":4.73,\"flags\":\"r\",\"md5\":\"f003701800a5c3855407575152264ae2\",\"name\":\".rdata\",\"raw_size\":646144,\"virtual_address\":2359296,\"virtual_size\":646042},{\"chi2\":13360996,\"entropy\":6.83,\"flags\":\"rw\",\"md5\":\"c1c3b61facc00261e2f623601441132e\",\"name\":\".data\",\"raw_size\":2542592,\"virtual_address\":3006464,\"virtual_size\":2579264},{\"chi2\":2377556.5,\"entropy\":6.12,\"flags\":\"r\",\"md5\":\"0ef3824d2563365dea4fc12efe6d7d81\",\"name\":\".pdata\",\"raw_size\":121344,\"virtual_address\":5586944,\"virtual_size\":121296},{\"chi2\":84698,\"entropy\":1.47,\"flags\":\"r\",\"md5\":\"982c22ff21a635c94655d858aa42b98c\",\"name\":\"_RDATA\",\"raw_size\":512,\"virtual_address\":5709824,\"virtual_size\":148},{\"chi2\":20264084,\"entropy\":3.98,\"flags\":\"r\",\"md5\":\"fcdcb45989ddf2e60a97b2db03f3ba02\",\"name\":\".rsrc\",\"raw_size\":3353088,\"virtual_address\":5713920,\"virtual_size\":3352704},{\"chi2\":-1,\"entropy\":0,\"flags\":\"r\",\"md5\":\"d41d8cd98f00b204e9800998ecf8427e\",\"name\":\".reloc\",\"raw_size\":66560,\"virtual_address\":9068544,\"virtual_size\":66292}],\"timestamp\":1603722981},\"reputation\":0,\"sha1\":\"cc17168b70aa92d45a39d4099fd33e07c1ce60ec\",\"sha256\":\"59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db\",\"signature_info\":{\"x509\":[{\"algorithm\":\"sha1RSA\",\"cert issuer\":\"Thawte Timestamping CA\",\"name\":\"VeriSign Time Stamping Services CA\",\"serial number\":\"47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4\",\"thumbprint\":\"F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D\",\"valid from\":\"2003-12-04 00:00:00\",\"valid to\":\"2013-12-03 23:59:59\",\"valid_usage\":\"Timestamp Signing\"},{\"algorithm\":\"sha1RSA\",\"cert issuer\":\"VeriSign Time Stamping Services CA\",\"name\":\"VeriSign Time Stamping Services Signer\",\"serial number\":\"0D E9 2B F0 D4 D8 29 88 18 32 05 09 5E 9A 76 88\",\"thumbprint\":\"817E78267300CB0FE5D631357851DB366123A690\",\"valid from\":\"2003-12-04 00:00:00\",\"valid to\":\"2008-12-03 23:59:59\",\"valid_usage\":\"ff\"},{\"algorithm\":\"md5RSA\",\"cert issuer\":\"Microsoft Root Authority\",\"name\":\"Microsoft Root Authority\",\"serial number\":\"C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40\",\"thumbprint\":\"A43489159A520F0D93D032CCAF37E7FE20A8B419\",\"valid from\":\"1997-01-10 07:00:00\",\"valid to\":\"2020-12-31 07:00:00\",\"valid_usage\":null},{\"algorithm\":\"md5RSA\",\"cert issuer\":\"Microsoft Root Authority\",\"name\":\"Microsoft Code Signing PCA\",\"serial number\":\"6A 0B 99 4F C0 00 0C AB 11 D8 22 EF 7D 6C 79 7E\",\"thumbprint\":\"B04EDD83D679F4081BC1D2BDBC5F6B3BE5C64C3E\",\"valid from\":\"2002-05-23 08:00:00\",\"valid to\":\"2011-09-25 08:00:00\",\"valid_usage\":\"Code Signing\"},{\"algorithm\":\"sha1RSA\",\"cert issuer\":\"Microsoft Code Signing PCA\",\"name\":\"Microsoft Corporation\",\"serial number\":\"61 05 87 58 00 03 00 00 00 5A\",\"thumbprint\":\"A25800BB7577F5854B3823B82228D94140D0244E\",\"valid from\":\"2005-01-05 23:20:19\",\"valid to\":\"2006-04-05 23:30:19\",\"valid_usage\":\"Code Signing\"}]},\"size\":5996272,\"ssdeep\":\"98304:n12FO997SME1kPnt2O5KX3WRZKeRx7Y2VaVAbBkmN6ce+Qjj1RnSti:nrwH4ntvKX3WTKeRx7Y2VaVAbN6j1Rnr\",\"tags\":[\"peexe\",\"assembly\",\"invalid-rich-pe-linker-version\",\"overlay\",\"64bits\",\"corrupt\"],\"times_submitted\":1,\"tlsh\":\"T19356AF42B69900E8ECE6907D858B566BE2B07872073387CB51601F9A7F732E14F7A357\",\"total_votes\":{\"harmless\":0,\"malicious\":0},\"trid\":[{\"file_type\":\"Windows Control Panel Item (generic)\",\"probability\":82},{\"file_type\":\"Microsoft Visual C++ compiled executable (generic)\",\"probability\":6.8},{\"file_type\":\"Win16 NE executable (generic)\",\"probability\":5.8},{\"file_type\":\"Win32 Executable (generic)\",\"probability\":1.8},{\"file_type\":\"OS/2 Executable (generic)\",\"probability\":0.8}],\"type_description\":\"Win32 EXE\",\"type_tag\":\"peexe\",\"unique_sources\":1,\"vhash\":\"056076655d65651515015z6100c56z150d5za0600df3z1157z\"},\"context_attributes\":{\"match_in_subfile\":false,\"notification_date\":1603909626,\"notification_id\":\"1674437631322730-5395972918378496-11ef342ff3759d353412e569b1cfefaf\",\"notification_snippet\":\"00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\\n00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\\n00 00 00 00 00 0C 91 15 00 0B 83 42 00 0C 88 *begin_highlight*67*end_highlight* ...........B...*begin_highlight*g*end_highlight*\\n*begin_highlight*00 0F 92 88 00 11 98 A1 00 12 9C B6 00 13 9F C8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 12 9E D4 00 12 A2 DA 00 13 A3 E1 00 13 A3 E8*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A3 EB 00 13 A1 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A2 F0 00 13 A2 F0 00 13 A2 F0 00 13 A1 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 00 13 A2 F0 00 13 A2 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*00 13 A1 F0 00 13 A2 F0 *end_highlight*00 13 A2 F0 00 13 A1 F0 *begin_highlight*........*end_highlight*........\\n00 19 C0 F0 00 19 C0 F0 00 18 BF F0 00 18 C0 F0 ................\\n00 19 C0 F0 00 18 C0 F0 00 19 C0 F0 00 18 *begin_highlight*C0 F0*end_highlight* ..............*begin_highlight*..*end_highlight*\\n*begin_highlight*00 19 C0 F0 00 19 C0 F0 01 17 B3 F0 84 88 B9 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*D2 D2 DA F0 D2 D2 DA F0 D2 D2 DB EE D2 D2 DC EA*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*D2 D2 DC E7 D1 D1 DB E1 D0 D0 DA DA CD CD D8 D3*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*CD CD D5 C7 C6 C6 D2 B6 C2 C2 CC A1 B7 B9 *end_highlight*C3 88 *begin_highlight*..............*end_highlight*..\\nA9 A9 B2 68 9E 9E A6 42 9D 9D AA 15 00 00 00 00 ...h...B........\\n00 19 C0 F0 00 19 C0 F0 00 18 BF F0 00 18 C0 F0 ................\\n00 19 C0 F0 00 18 C0 F0 00 19 C0 F0 00 18 *begin_highlight*C0 F0*end_highlight* ..............*begin_highlight*..*end_highlight*\\n*begin_highlight*00 19 C0 F0 00 19 C0 F0 01 17 B3 F0 84 88 B9 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*D2 D2 DA F0 D2 D2 DA F0 D2 D2 DB EE D2 D2 DC EA*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*D2 D2 DC E7 D1 D1 DB E1 D0 D0 DA DA CD CD D8 D3*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*CD CD D5 C7 C6 C6 D2 B6 C2 C2 CC A1 B7 B9 *end_highlight*C3 88 *begin_highlight*..............*end_highlight*..\\nA9 A9 B2 68 9E 9E A6 42 9D 9D AA 15 00 00 00 00 ...h...B........\\n00 19 C0 F0 00 19 C0 F0 00 18 BF F0 00 18 C0 F0 ................\\n00 19 C0 F0 00 18 C0 F0 00 19 C0 F0 00 18 *begin_highlight*C0 F0*end_highlight* ..............*begin_highlight*..*end_highlight*\\n*begin_highlight*00 19 C0 F0 00 19 C0 F0 01 17 B3 F0 84 88 B9 F0*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*D2 D2 DA F0 D2 D2 DA F0 D2 D2 DB EE D2 D2 DC EA*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*D2 D2 DC E7 D1 D1 DB E1 D0 D0 DA DA CD CD D8 D3*end_highlight* *begin_highlight*................*end_highlight*\\n*begin_highlight*CD CD D5 C7 C6 C6 D2 B6 C2 C2 CC A1 B7 B9 *end_highlight*C3 88 *begin_highlight*..............*end_highlight*..\\nA9 A9 B2 68 9E 9E A6 42 9D 9D AA 15 00 00 00 00 ...h...B........\",\"notification_source_country\":\"DE\",\"notification_source_key\":\"ff6c528f\",\"notification_tags\":[\"ia_dev\",\"malware_bazarloader\",\"59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db\"],\"rule_name\":\"MALWARE_BazarLoader\",\"rule_tags\":[\"IA_DEV\"],\"ruleset_id\":\"5395972918378496\",\"ruleset_name\":\"MALWARE_BAZARLOADER\"},\"id\":\"59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db\",\"links\":{\"self\":\"https://www.virustotal.com/api/v3/files/59420e3bb141882ef2263d94be07f22ff767b8f0e400cdc9b2a25da27afdb2db\"},\"type\":\"file\"}", + "created": "2020-10-28T18:28:09.775Z", + "kind": "alert", + "module": "virustotal", + "category": "file", + "type": "info", + "dataset": "virustotal.livehunt" + } +} diff --git a/x-pack/filebeat/module/virustotal/livehunt/test/livehunt-file-notification.json.log b/x-pack/filebeat/module/virustotal/livehunt/test/livehunt-file-notification.json.log new file mode 100644 index 00000000000..6506c6ff8ea --- /dev/null +++ b/x-pack/filebeat/module/virustotal/livehunt/test/livehunt-file-notification.json.log @@ -0,0 +1,25 @@ +{"attributes":{"authentihash":"14d4dbf45b66ba128ed3c6c6a54d48c3d2d913dd30641b426298b1430bc2667b","capabilities_tags":["win_registry","keylogger","screenshot","win_files_operation"],"creation_date":1601030449,"downloadable":true,"exiftool":{"CharacterSet":"Windows, Latin1","CodeSize":"237568","CompanyName":"TODO: \u003cCompany name\u003e","EntryPoint":"0xdec3","FileDescription":"TODO: \u003cFile description\u003e","FileFlagsMask":"0x003f","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"1.0.0.1","FileVersionNumber":"1.0.0.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"208896","InternalName":"WebPageSnapShot.exe","LanguageCode":"English (U.S.)","LegalCopyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","LinkerVersion":"7.1","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","OriginalFileName":"WebPageSnapShot.exe","PEType":"PE32","ProductName":"TODO: \u003cProduct name\u003e","ProductVersion":"1.0.0.1","ProductVersionNumber":"1.0.0.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2020:09:25 10:40:49+00:00","UninitializedDataSize":"0"},"first_submission_date":1601042407,"last_analysis_date":1601755449,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.Agent.Emotet"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43958861"},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.Emotet.L!c"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C4199919"},"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Emotet.5ef36210"},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Banker]/Win32.Emotet"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29EC24D"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AD.Emotet.ukflj"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43958861"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.EmotetNTR.Trojan"},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Exar-9769617-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 85)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Emotet.EJVS-5757"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader34.53409"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Emotet.CB"},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Emotet (A)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AD.Emotet.ukflj"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Emotet.1029!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Banker.Agent"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/Generic-R + Troj/Emotet-CPH"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Banker.Emotet.org"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=89)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.MalPack.TRE"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.11417434.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Emotet-FSF!EC15B8B7253B"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Emotet.gh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Emotet!rfn"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Emotet.hwqnvg"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Generic/Trojan.45c"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Kryptik!1.CC98 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Emotet-CPH"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Emotet"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"malicious","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":"Trojan/W32.Agent.434176.YJ"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.Trojan.Zenpak"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"malicious","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":"Trojan.Win32.Z.Emoteto.434176.FR"},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Emotet.Win32.32298"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":18},"last_modification_date":1601755671,"last_submission_date":1601042407,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"796868e8aa9a88ac","raw_md5":"8297bdd48159ad5678ffab8174e1760c"},"md5":"ec15b8b7253bc4f9f838fc2f36915c49","meaningful_name":"WebPageSnapShot.exe","names":["WebPageSnapShot.exe","emotet_exe_e1_2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca_2020-09-25__140003.exe_20200925_104049+0000"],"packers":{"PEiD":"Microsoft Visual C++ v7.0"},"pe_info":{"compiler_product_versions":["id: 95, version: 2179 count=13","id: 25, version: 9210 count=6","id: 93, version: 2067 count=2","id: 93, version: 2179 count=19","[---] Unmarked objects count=582","[ASM] VS2003 (.NET) build 3077 count=25","[ C ] VS2003 (.NET) build 3077 count=144","[C++] VS2003 (.NET) build 3077 count=128","[EXP] VS2003 (.NET) build 3077 count=1","[RES] VS2003 (.NET) build 3052 count=1","[LNK] VS2003 (.NET) build 3077 count=1"],"debug":[{"codeview":{"age":1,"guid":"453e9215-df98-4201-b93c-0aa2bc59d2f5","name":"c:\\Users\\Dodo\\Downloads\\WebPageSnapShot\\Release\\WebPageSnapShot.pdb","signature":"RSDS"},"offset":278968,"size":92,"timestamp":"Fri Sep 25 10:40:49 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"}],"entry_point":57027,"exports":["y6ithgrhhytt"],"imphash":"8c471737d4ce5b46ac449fd535d18851","import_list":[{"imported_functions":["CommDlgExtendedError","GetSaveFileNameW","PrintDlgW","GetFileTitleW","GetOpenFileNameW"],"library_name":"comdlg32.dll"},{"imported_functions":["ImageList_Draw","Ord(17)","ImageList_GetImageInfo","ImageList_Destroy"],"library_name":"COMCTL32.dll"},{"imported_functions":["ClosePrinter","DocumentPropertiesW","OpenPrinterW"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["GetTextMetricsW","SetMapMode","TextOutW","CreateFontIndirectW","SetBkMode","PatBlt","GetRgnBox","SaveDC","CreateRectRgnIndirect","LPtoDP","CombineRgn","GetClipBox","GetWindowExtEx","GetPixel","GetDeviceCaps","ExcludeClipRect","OffsetViewportOrgEx","DeleteDC","RestoreDC","GetMapMode","CreateBitmap","SelectObject","DeleteObject","IntersectClipRect","BitBlt","SetTextColor","CreatePatternBrush","ExtTextOutW","GetObjectW","CreateEllipticRgn","GetTextExtentPoint32W","RectVisible","GetStockObject","SetViewportOrgEx","ScaleWindowExtEx","SetBkColor","PtVisible","ExtSelectClipRgn","SelectClipRgn","CreateCompatibleDC","ScaleViewportExtEx","CreateRectRgn","GetBkColor","Ellipse","CreateCompatibleBitmap","SetWindowExtEx","GetTextColor","CreateSolidBrush","Escape","GetViewportExtEx","SetViewportExtEx","SetRectRgn"],"library_name":"GDI32.dll"},{"imported_functions":["RegCreateKeyExW","RegDeleteValueW","GetFileSecurityW","RegCloseKey","RegEnumKeyW","RegSetValueExW","RegOpenKeyExW","RegCreateKeyW","RegOpenKeyW","RegDeleteKeyW","RegSetValueW","SetFileSecurityW","RegQueryValueExW","RegQueryValueW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetStdHandle","FileTimeToSystemTime","HeapDestroy","GetFileAttributesW","lstrcmpW","FreeEnvironmentStringsA","DeleteCriticalSection","GetCurrentProcess","GetLocaleInfoA","LocalAlloc","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","lstrcatW","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","LoadLibraryW","GetStringTypeA","GetDiskFreeSpaceW","InterlockedExchange","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","LocalFree","FormatMessageW","InitializeCriticalSection","LoadResource","GetStringTypeExW","FindClose","TlsGetValue","MoveFileW","GetFullPathNameW","GetCurrentThread","SetLastError","GlobalFindAtomW","GetModuleFileNameW","ExitProcess","GetVersionExA","GetModuleFileNameA","GlobalHandle","LoadLibraryA","EnumResourceLanguagesW","GetVolumeInformationW","InterlockedDecrement","MultiByteToWideChar","GetPrivateProfileStringW","GetModuleHandleA","GlobalAddAtomW","SetUnhandledExceptionFilter","ConvertDefaultLocale","MulDiv","SetEnvironmentVariableA","TerminateProcess","GetVersion","VirtualQuery","LocalFileTimeToFileTime","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","HeapFree","EnterCriticalSection","SetHandleCount","lstrcmpiA","GlobalGetAtomNameW","GetVersionExW","GetOEMCP","QueryPerformanceCounter","GetTickCount","IsBadWritePtr","TlsAlloc","VirtualProtect","FlushFileBuffers","lstrcmpiW","RtlUnwind","GetStartupInfoA","UnlockFile","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","DeleteFileW","GlobalLock","GetPrivateProfileIntW","GetTempFileNameW","CompareStringW","lstrcpyW","GlobalReAlloc","lstrcmpA","CompareStringA","FindFirstFileW","DuplicateHandle","GetProcAddress","GlobalAlloc","GetTimeZoneInformation","CreateFileW","GetFileType","TlsSetValue","HeapAlloc","LeaveCriticalSection","GetLastError","LocalReAlloc","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","GetSystemInfo","lstrlenA","GlobalFree","LCMapStringA","GetThreadLocale","GetEnvironmentStringsW","GlobalUnlock","LockFile","lstrlenW","FileTimeToLocalFileTime","GetEnvironmentStrings","GetCurrentDirectoryW","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","WideCharToMultiByte","HeapSize","GetCommandLineA","WritePrivateProfileStringW","lstrcpynW","RaiseException","TlsFree","SetFilePointer","ReadFile","GlobalFlags","CloseHandle","GetACP","GetModuleHandleW","FreeResource","SizeofResource","HeapCreate","FindResourceW","VirtualFree","IsBadReadPtr","IsBadCodePtr","VirtualAlloc"],"library_name":"KERNEL32.dll"},{"imported_functions":["GdipCreateBitmapFromScan0","GdiplusShutdown","GdipGetImageEncodersSize","GdipGetImageEncoders","GdipFree","GdipGetDC","GdipCloneImage","GdipAlloc","GdipDisposeImage","GdipSaveImageToFile","GdipReleaseDC","GdipGetImageGraphicsContext","GdipDeleteGraphics","GdiplusStartup"],"library_name":"gdiplus.dll"},{"imported_functions":["OleCreateFontIndirect","SafeArrayAccessData","SafeArrayGetLBound","SafeArrayGetUBound","SystemTimeToVariantTime","SysAllocStringLen","SafeArrayUnaccessData","VariantChangeType","VariantClear","SysAllocString","SafeArrayDestroy","SafeArrayCreate","VariantCopy","VariantInit","SafeArrayGetElemsize","SafeArrayGetDim","SysFreeString","SysStringLen"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","DragFinish","SHGetFileInfoW","ExtractIconW"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoTaskMemFree","CoTaskMemAlloc","StgCreateDocfileOnILockBytes","OleFlushClipboard","CoGetClassObject","CLSIDFromProgID","CoRevokeClassObject","CoFreeUnusedLibraries","CoRegisterMessageFilter","StgOpenStorageOnILockBytes","OleIsCurrentClipboard","CLSIDFromString","CreateILockBytesOnHGlobal","OleInitialize"],"library_name":"ole32.dll"},{"imported_functions":["PathIsUNCW","PathStripToRootW","PathFindExtensionW","PathFindFileNameW"],"library_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","GetForegroundWindow","SetWindowRgn","SetMenuItemBitmaps","LoadBitmapW","SetRectEmpty","DestroyMenu","PostQuitMessage","GetMessagePos","SetWindowPos","GetNextDlgTabItem","IsWindow","GrayStringW","EndPaint","WindowFromPoint","IntersectRect","CopyRect","GetMessageTime","SetActiveWindow","DispatchMessageW","GetCursorPos","MapDialogRect","GetDlgCtrlID","GetMenu","UnregisterClassW","GetClientRect","DrawTextW","SetScrollPos","CallNextHookEx","GetTopWindow","GetWindowTextW","CopyAcceleratorTableW","GetWindowTextLengthW","LoadAcceleratorsW","ScrollWindow","InvalidateRgn","GetMenuItemID","DestroyWindow","GetClassInfoExW","UpdateWindow","GetPropW","EqualRect","GetMessageW","ShowWindow","GetNextDlgGroupItem","SetPropW","ValidateRect","PeekMessageW","InsertMenuItemW","CharUpperW","LoadIconW","EnableWindow","TranslateMessage","IsWindowEnabled","GetWindow","SetParent","RegisterClassW","IsZoomed","GetWindowPlacement","EnableMenuItem","GetSubMenu","SetTimer","GetActiveWindow","IsDialogMessageW","FillRect","SetWindowContextHelpId","GetSysColorBrush","GetClassInfoW","CreateWindowExW","TabbedTextOutW","GetWindowLongW","GetMenuItemInfoW","IsChild","MapWindowPoints","RegisterWindowMessageW","ReleaseCapture","IsIconic","BeginPaint","OffsetRect","DefWindowProcW","GetScrollPos","KillTimer","TranslateAcceleratorW","GetParent","SendDlgItemMessageA","GetSystemMetrics","SetWindowLongW","SetScrollRange","GetWindowRect","InflateRect","SetCapture","DrawIcon","GetScrollRange","ShowOwnedPopups","SendDlgItemMessageW","PostMessageW","GetScrollInfo","CreatePopupMenu","CheckMenuItem","GetClassLongW","GetLastActivePopup","PtInRect","SetWindowTextW","GetDCEx","GetDlgItem","RemovePropW","BringWindowToTop","ClientToScreen","TrackPopupMenu","PostThreadMessageW","GetMenuItemCount","GetMenuState","SetWindowsHookExW","LoadCursorW","GetSystemMenu","ReuseDDElParam","GetDC","InsertMenuW","SetForegroundWindow","GetMenuStringW","CreateDialogIndirectParamW","ReleaseDC","DrawTextExW","EndDialog","FindWindowW","GetCapture","ScreenToClient","MessageBeep","LoadMenuW","DeferWindowPos","BeginDeferWindowPos","MessageBoxW","SendMessageW","LockWindowUpdate","UnhookWindowsHookEx","MoveWindow","AppendMenuW","GetWindowDC","AdjustWindowRectEx","GetSysColor","RegisterClipboardFormatW","SetScrollInfo","GetKeyState","EndDeferWindowPos","SystemParametersInfoA","DestroyIcon","ShowScrollBar","WinHelpW","GetDesktopWindow","UnpackDDElParam","SystemParametersInfoW","SetRect","DeleteMenu","InvalidateRect","CharNextW","CallWindowProcW","GetClassNameW","ModifyMenuW","IsRectEmpty","GetFocus","wsprintfW","IsWindowVisible","SetCursor","SetMenu","GetMenuCheckMarkDimensions"],"library_name":"USER32.dll"},{"imported_functions":["OleUIBusyW"],"library_name":"oledlg.dll"}],"machine_type":332,"resource_details":[{"chi2":20527.75,"entropy":3.026951551437378,"filetype":"Data","lang":"ENGLISH US","sha256":"fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867","type":"RT_CURSOR"},{"chi2":18573.416015625,"entropy":2.7427444458007812,"filetype":"Data","lang":"ENGLISH US","sha256":"f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3","type":"RT_CURSOR"},{"chi2":25932.00390625,"entropy":2.3403780460357666,"filetype":"Data","lang":"ENGLISH US","sha256":"652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72","type":"RT_CURSOR"},{"chi2":25714.23828125,"entropy":2.3400356769561768,"filetype":"Data","lang":"ENGLISH US","sha256":"0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee","type":"RT_CURSOR"},{"chi2":23739.37109375,"entropy":2.5164902210235596,"filetype":"Data","lang":"ENGLISH US","sha256":"368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169","type":"RT_CURSOR"},{"chi2":24244.720703125,"entropy":2.4540092945098877,"filetype":"Data","lang":"ENGLISH US","sha256":"6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152","type":"RT_CURSOR"},{"chi2":26435.69921875,"entropy":2.345054864883423,"filetype":"Data","lang":"ENGLISH US","sha256":"322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62","type":"RT_CURSOR"},{"chi2":26837.984375,"entropy":2.3111374378204346,"filetype":"Data","lang":"ENGLISH US","sha256":"f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f","type":"RT_CURSOR"},{"chi2":16714.326171875,"entropy":3.3360934257507324,"filetype":"Data","lang":"ENGLISH US","sha256":"601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da","type":"RT_CURSOR"},{"chi2":20248.46484375,"entropy":2.8131332397460938,"filetype":"Data","lang":"ENGLISH US","sha256":"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6","type":"RT_CURSOR"},{"chi2":11233.6103515625,"entropy":3.8149096965789795,"filetype":"Data","lang":"ENGLISH US","sha256":"cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396","type":"RT_CURSOR"},{"chi2":30411.99609375,"entropy":2.1001555919647217,"filetype":"Data","lang":"ENGLISH US","sha256":"c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26","type":"RT_CURSOR"},{"chi2":31043.689453125,"entropy":1.9705222845077515,"filetype":"Data","lang":"ENGLISH US","sha256":"f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0","type":"RT_CURSOR"},{"chi2":28832.78125,"entropy":2.2269911766052246,"filetype":"Data","lang":"ENGLISH US","sha256":"ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c","type":"RT_CURSOR"},{"chi2":24239.744140625,"entropy":2.576014280319214,"filetype":"Data","lang":"ENGLISH US","sha256":"2ce101084b7ecfb1f17b45ff88970e8e54d1e0573ef2abc638842ffa96354818","type":"RT_CURSOR"},{"chi2":18323.111328125,"entropy":2.5794191360473633,"filetype":"Data","lang":"ENGLISH US","sha256":"1aacce915559956f84c4f9a515782c2bb20c5c8a4a6d3eee95281c88b111c6af","type":"RT_CURSOR"},{"chi2":48765.53515625,"entropy":3.2981557846069336,"filetype":"Data","lang":"ENGLISH US","sha256":"dc48270379b64c2ca1a770f8607a9d69da27c29408f94bd7ba9bc4eb720f8f4f","type":"RT_BITMAP"},{"chi2":15874.4365234375,"entropy":2.236664295196533,"filetype":"Data","lang":"ENGLISH US","sha256":"e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272","type":"RT_BITMAP"},{"chi2":15870.369140625,"entropy":2.876206636428833,"filetype":"Data","lang":"ENGLISH US","sha256":"abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864","type":"RT_BITMAP"},{"chi2":44545.5234375,"entropy":3.67057204246521,"filetype":"Data","lang":"ENGLISH US","sha256":"bc94fa498e4e17b8a4ad8fa141acb3bf406c8ab4ed206bd2c4828de18fca5788","type":"RT_ICON"},{"chi2":17381.76171875,"entropy":3.889598846435547,"filetype":"Data","lang":"ENGLISH US","sha256":"47a37646e78ec1064f9977c5b91d75aec3bd9098366ae87892d983106ae3562f","type":"RT_ICON"},{"chi2":8497.9462890625,"entropy":3.8129916191101074,"filetype":"Data","lang":"ENGLISH US","sha256":"080c4d4ab8f4317ecc301d95aa9379c68fad84193e8d68ec58496dd75bb499ac","type":"RT_ICON"},{"chi2":63842.53125,"entropy":6.1152777671813965,"filetype":"Data","lang":"ENGLISH US","sha256":"71bc1949037ec9a5e452fe45d17847f915e8d4fe0fc7c93f04afc4b9fa2c8d21","type":"RT_ICON"},{"chi2":25177.41015625,"entropy":6.58289909362793,"filetype":"Data","lang":"ENGLISH US","sha256":"eec825f93e23d78c07d473a2943d0ac57fe1273ad168ade77b1d8de51e14ccf7","type":"RT_ICON"},{"chi2":76219.4453125,"entropy":4.95505952835083,"filetype":"Data","lang":"ENGLISH US","sha256":"011d67957189e0bb29affb0bb35477905a267e38658e853c22f1efe2a61ac6af","type":"RT_ICON"},{"chi2":241559.140625,"entropy":5.70783805847168,"filetype":"Data","lang":"ENGLISH US","sha256":"df70c108c86ed1fa5f54b7bc083931939ab218b53a9034097ed8b52ad99d2abb","type":"RT_ICON"},{"chi2":77506.40625,"entropy":6.079914569854736,"filetype":"Data","lang":"ENGLISH US","sha256":"e97c1ce2d253cfd656eb21a51ade6557791d6b6aef90c2622dc6591f7a773425","type":"RT_ICON"},{"chi2":15272.4599609375,"entropy":6.276120662689209,"filetype":"Data","lang":"ENGLISH US","sha256":"f7cde5b945fda1f6c8843cd5bc5c645cc52055db42d6087f0dd98407417a5a0c","type":"RT_ICON"},{"chi2":54967.65625,"entropy":2.402796745300293,"filetype":"Data","lang":"ENGLISH US","sha256":"c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d","type":"RT_ICON"},{"chi2":21908.541015625,"entropy":2.688976764678955,"filetype":"Data","lang":"ENGLISH US","sha256":"3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9","type":"RT_ICON"},{"chi2":10858.50390625,"entropy":3.258249282836914,"filetype":"Data","lang":"ENGLISH US","sha256":"58117f69794eb7326b592c707478da0c85037d18336c8cf74fd6027cc591c6c4","type":"RT_MENU"},{"chi2":28212.564453125,"entropy":3.2103006839752197,"filetype":"Data","lang":"ENGLISH US","sha256":"f027cb7d29204d8fdab99cf4d645740725756b15a0d620150512052681bbfc62","type":"RT_DIALOG"},{"chi2":20085.009765625,"entropy":2.9993276596069336,"filetype":"Data","lang":"ENGLISH US","sha256":"5c2b9a32381ad093880dea4e120d02a5603246b2bb8f72f72d941870bf474b54","type":"RT_DIALOG"},{"chi2":20890.2109375,"entropy":3.0667619705200195,"filetype":"Data","lang":"ENGLISH US","sha256":"6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3","type":"RT_DIALOG"},{"chi2":36546.46484375,"entropy":3.0239272117614746,"filetype":"Data","lang":"ENGLISH US","sha256":"d97074d6be54221f0bdf28201f1af0ac9f0895a4a5ad47899dc49654f798ac71","type":"RT_DIALOG"},{"chi2":29344.0859375,"entropy":3.1261675357818604,"filetype":"Data","lang":"ENGLISH US","sha256":"2f82e22a5c0ceffe9aa5045eeb144db05b1a4bf1485020800ead187e4e216af5","type":"RT_DIALOG"},{"chi2":17353.91796875,"entropy":2.7014076709747314,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1446a9292f5317240a61493f37d6b1835b48d2624c64b4402aa36784d3e099bd","type":"RT_STRING"},{"chi2":8944.890625,"entropy":2.0907223224639893,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"a7c1353bc3456cd46938e997c4f8e8ec9e850401b9b8d4d7946eb1065cc8ad2f","type":"RT_STRING"},{"chi2":42103.48828125,"entropy":3.12620210647583,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8f65722495e9c0476c52c3b71906b0ec544052a4591b4616430a3baa88157cf5","type":"RT_STRING"},{"chi2":41214.3046875,"entropy":2.9134371280670166,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"3205d9d8683ecd9998428a442a3b721cc7d7ce8d4e4c31063f02d99791dc28d0","type":"RT_STRING"},{"chi2":55396.02734375,"entropy":3.199612617492676,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"fc3f6f769e88ce894bba9f4078aaea4a47db8284f3fafb6ff844f8a5406feaba","type":"RT_STRING"},{"chi2":11705.1435546875,"entropy":2.3812334537506104,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"51e46939a67865d6b8ac14859e035fb360773e494243ba263a65b8ec06944ea2","type":"RT_STRING"},{"chi2":21027.025390625,"entropy":2.9904301166534424,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"5b8e0bfb7c789c6bfdc4be2af9f36346c0e41e7ad22c8edcc661af0e8b53dbd2","type":"RT_STRING"},{"chi2":18246.87890625,"entropy":2.8355727195739746,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"f4d2054bad5a30d07ffde08fafdf7a0deed4e343526816a67ecbbd068b84ad81","type":"RT_STRING"},{"chi2":7551.48583984375,"entropy":2.2685282230377197,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d","type":"RT_STRING"},{"chi2":16961.759765625,"entropy":2.74092960357666,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8b64c7b314ec82b8d9a5584bca52110faf36ffa86317f2e98957a8665fe97a68","type":"RT_STRING"},{"chi2":36189.33203125,"entropy":3.0477657318115234,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0cce65df387f67147c75ac921bc6512fb5fc8dc86d3a60a2e0c2ba2d4845539b","type":"RT_STRING"},{"chi2":12769.16015625,"entropy":2.62539005279541,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"934c6ae73724aa444c9e02c81312cec0d60006e496e65664eb5069e1378e6cee","type":"RT_STRING"},{"chi2":16399.99609375,"entropy":3.0806007385253906,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"63213f70560632ae4ca4876817064d870fe9a346b64d3cf2f4ea4c1be85aa298","type":"RT_STRING"},{"chi2":7893.99951171875,"entropy":0.9609531760215759,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4","type":"RT_STRING"},{"chi2":29366.591796875,"entropy":3.085610866546631,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"66f1747ba4c17f6fca44818ed98445f01645651c120e72f558245e2df6949d35","type":"RT_STRING"},{"chi2":20694.751953125,"entropy":3.297224998474121,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"407683a58c05c1e2644e8b26cd7dc488186c786ec8f23362aa1215157755a5f2","type":"RT_STRING"},{"chi2":83957,"entropy":3.261389970779419,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"d036e1af5639fb867f5035330e81788bbc24eff762610e3f6bba5d78903a845a","type":"RT_STRING"},{"chi2":55449.9140625,"entropy":3.02530837059021,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c054645d86387fd491743027e6c2284d6a7262f6aced9321cbc1465cef2b6b1f","type":"RT_STRING"},{"chi2":51396.890625,"entropy":3.1699700355529785,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c1bc5318a82ea1a1809618040026851947f6aa5171d904a9e60966f4551ca1a3","type":"RT_STRING"},{"chi2":12962.5224609375,"entropy":2.7108659744262695,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be","type":"RT_STRING"},{"chi2":15271.3427734375,"entropy":2.6390249729156494,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8","type":"RT_STRING"},{"chi2":18244.58984375,"entropy":2.878065586090088,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc","type":"RT_STRING"},{"chi2":81938.0390625,"entropy":3.2325892448425293,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"36db380991291cac5c99e42332efda20210f63985544d95e8fa6ef85bf2bdf8e","type":"RT_STRING"},{"chi2":43175.703125,"entropy":3.0946567058563232,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"7f51554313c6765ba649783a942064cdfe6f5a70248a6f56840f71969f87ced0","type":"RT_STRING"},{"chi2":7961.8193359375,"entropy":1.0787549018859863,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95","type":"RT_STRING"},{"chi2":8288.9111328125,"entropy":1.959641933441162,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212","type":"RT_STRING"},{"chi2":8061.71533203125,"entropy":2.9474713802337646,"filetype":"Data","lang":"ENGLISH US","sha256":"6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a","type":"RT_ACCELERATOR"},{"chi2":2023.999755859375,"entropy":2.184317111968994,"filetype":"Data","lang":"ENGLISH US","sha256":"ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785","type":"RT_ACCELERATOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"e6854ff594bf0bbca42b4ae0894dc26e19429b08f5e577e1cfac899c1722ad39","type":"RT_GROUP_CURSOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"a6a82549bab9012b198a727d469aaa464b98e7fc247ab8a85bf16cacdfab4802","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"60a0a8bc0169228c8af42c377d93a218ccc9712a17b76ef014f81e156a36c66f","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b077d477d0775d0b86be9bedee8ec134bdc213d6941e9ae60adcf8bdd18623cc","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"90b143ec83ef48639ea48969a1d0850aa14b573b48dadef87e4230e42bdb5971","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba","type":"RT_GROUP_CURSOR"},{"chi2":8583.6376953125,"entropy":3.0013043880462646,"filetype":"Data","lang":"ENGLISH US","sha256":"8852374fd48240e910182f0fcb091ed5d81ad36a024abdaaf483b8d09c599a9e","type":"RT_GROUP_ICON"},{"chi2":2254.94091796875,"entropy":2.5580508708953857,"filetype":"Data","lang":"ENGLISH US","sha256":"55d2b7489ae3e0ec0a6fb0755d92983c2ee6d333d66a937881c107a694c088c2","type":"RT_GROUP_ICON"},{"chi2":66921.40625,"entropy":3.420238733291626,"filetype":"Data","lang":"ENGLISH US","sha256":"493e13ed9d1be00fbec94c351e364ff221cee62df92323f19a914edf3813c172","type":"RT_VERSION"},{"chi2":1416.5716552734375,"entropy":2.8598792552948,"filetype":"Data","lang":"ENGLISH US","sha256":"4a9ddd567a13d9d147d000cc776815a583857849927d8fd91b8a4d73c9a5433d","type":"Struct(241)"},{"chi2":1003.6127319335938,"entropy":7.988063812255859,"filetype":"Data","lang":"ENGLISH US","sha256":"96be696b5d4f4497eb61228542fb581cc0b39f25ffdf45b31108a67c06743da7","type":"Struct(1687)"}],"resource_langs":{"ENGLISH US":87},"resource_types":{"RT_ACCELERATOR":2,"RT_BITMAP":3,"RT_CURSOR":18,"RT_DIALOG":5,"RT_GROUP_CURSOR":16,"RT_GROUP_ICON":2,"RT_ICON":11,"RT_MENU":1,"RT_STRING":26,"RT_VERSION":1,"Struct(1687)":1,"Struct(241)":1},"rich_pe_header_hash":"77c45911f57e2974050c9f737e3771e9","sections":[{"chi2":1366774.75,"entropy":6.55,"flags":"rx","md5":"515a0b066b025e46b41b827eae903cbe","name":".text","raw_size":237568,"virtual_address":4096,"virtual_size":235059},{"chi2":3440810.75,"entropy":4.86,"flags":"r","md5":"814659d1dacc9eea43dbd7e8b2a892bd","name":".rdata","raw_size":69632,"virtual_address":241664,"virtual_size":68819},{"chi2":974842.25,"entropy":3.8,"flags":"rw","md5":"5fe8041aa74d3a9055516a4dbca0dd59","name":".data","raw_size":12288,"virtual_address":311296,"virtual_size":25044},{"chi2":1215250.88,"entropy":6.96,"flags":"r","md5":"b1fdb32dea84a0258e2f877f1ace347c","name":".rsrc","raw_size":110592,"virtual_address":339968,"virtual_size":107536}],"timestamp":1601030449},"reputation":0,"sha1":"5dce34edac03c3fe6236e36a7afce5061ee7d9f1","sha256":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","signature_info":{"copyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","description":"TODO: \u003cFile description\u003e","file version":"1.0.0.1","internal name":"WebPageSnapShot.exe","original name":"WebPageSnapShot.exe","product":"TODO: \u003cProduct name\u003e"},"size":434176,"ssdeep":"6144:4abhDkzV+z3ItUUiCFYcK/7X0XfGkDmrDI3A4KFzq+EP78YaAy2+1Oo:4YhozVKIixT7XFPc31ixEP7Z","tags":["peexe"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"InstallShield setup","probability":40},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":29},{"file_type":"Win16 NE executable (generic)","probability":13},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.1},{"file_type":"Win32 Executable (generic)","probability":4.1}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"045046655d1560e040500340098zf125z40400a5ez1"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596582889184556-4642050303721472-24cddc642cf7fb7fc7defd0197671a4a","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["function_capabilities","iswindowminimized","2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"],"rule_name":"IsWindowMinimized","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","links":{"self":"https://www.virustotal.com/api/v3/files/2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596605914341828-4642050303721472-061b4792d0612137b3580832cc6ba7ba","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","isdebuggerpresent"],"rule_name":"IsDebuggerPresent","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"14d4dbf45b66ba128ed3c6c6a54d48c3d2d913dd30641b426298b1430bc2667b","capabilities_tags":["win_registry","keylogger","screenshot","win_files_operation"],"creation_date":1601030449,"downloadable":true,"exiftool":{"CharacterSet":"Windows, Latin1","CodeSize":"237568","CompanyName":"TODO: \u003cCompany name\u003e","EntryPoint":"0xdec3","FileDescription":"TODO: \u003cFile description\u003e","FileFlagsMask":"0x003f","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"1.0.0.1","FileVersionNumber":"1.0.0.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"208896","InternalName":"WebPageSnapShot.exe","LanguageCode":"English (U.S.)","LegalCopyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","LinkerVersion":"7.1","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","OriginalFileName":"WebPageSnapShot.exe","PEType":"PE32","ProductName":"TODO: \u003cProduct name\u003e","ProductVersion":"1.0.0.1","ProductVersionNumber":"1.0.0.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2020:09:25 10:40:49+00:00","UninitializedDataSize":"0"},"first_submission_date":1601042407,"last_analysis_date":1601755449,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.Agent.Emotet"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43958861"},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.Emotet.L!c"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C4199919"},"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Emotet.5ef36210"},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Banker]/Win32.Emotet"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29EC24D"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AD.Emotet.ukflj"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43958861"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.EmotetNTR.Trojan"},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Exar-9769617-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 85)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Emotet.EJVS-5757"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader34.53409"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Emotet.CB"},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Emotet (A)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AD.Emotet.ukflj"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Emotet.1029!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Banker.Agent"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/Generic-R + Troj/Emotet-CPH"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Banker.Emotet.org"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=89)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.MalPack.TRE"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.11417434.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Emotet-FSF!EC15B8B7253B"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Emotet.gh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Emotet!rfn"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Emotet.hwqnvg"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Generic/Trojan.45c"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Kryptik!1.CC98 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Emotet-CPH"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Emotet"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"malicious","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":"Trojan/W32.Agent.434176.YJ"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.Trojan.Zenpak"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"malicious","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":"Trojan.Win32.Z.Emoteto.434176.FR"},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Emotet.Win32.32298"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":18},"last_modification_date":1601755671,"last_submission_date":1601042407,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"796868e8aa9a88ac","raw_md5":"8297bdd48159ad5678ffab8174e1760c"},"md5":"ec15b8b7253bc4f9f838fc2f36915c49","meaningful_name":"WebPageSnapShot.exe","names":["WebPageSnapShot.exe","emotet_exe_e1_2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca_2020-09-25__140003.exe_20200925_104049+0000"],"packers":{"PEiD":"Microsoft Visual C++ v7.0"},"pe_info":{"compiler_product_versions":["id: 95, version: 2179 count=13","id: 25, version: 9210 count=6","id: 93, version: 2067 count=2","id: 93, version: 2179 count=19","[---] Unmarked objects count=582","[ASM] VS2003 (.NET) build 3077 count=25","[ C ] VS2003 (.NET) build 3077 count=144","[C++] VS2003 (.NET) build 3077 count=128","[EXP] VS2003 (.NET) build 3077 count=1","[RES] VS2003 (.NET) build 3052 count=1","[LNK] VS2003 (.NET) build 3077 count=1"],"debug":[{"codeview":{"age":1,"guid":"453e9215-df98-4201-b93c-0aa2bc59d2f5","name":"c:\\Users\\Dodo\\Downloads\\WebPageSnapShot\\Release\\WebPageSnapShot.pdb","signature":"RSDS"},"offset":278968,"size":92,"timestamp":"Fri Sep 25 10:40:49 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"}],"entry_point":57027,"exports":["y6ithgrhhytt"],"imphash":"8c471737d4ce5b46ac449fd535d18851","import_list":[{"imported_functions":["CommDlgExtendedError","GetSaveFileNameW","PrintDlgW","GetFileTitleW","GetOpenFileNameW"],"library_name":"comdlg32.dll"},{"imported_functions":["ImageList_Draw","Ord(17)","ImageList_GetImageInfo","ImageList_Destroy"],"library_name":"COMCTL32.dll"},{"imported_functions":["ClosePrinter","DocumentPropertiesW","OpenPrinterW"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["GetTextMetricsW","SetMapMode","TextOutW","CreateFontIndirectW","SetBkMode","PatBlt","GetRgnBox","SaveDC","CreateRectRgnIndirect","LPtoDP","CombineRgn","GetClipBox","GetWindowExtEx","GetPixel","GetDeviceCaps","ExcludeClipRect","OffsetViewportOrgEx","DeleteDC","RestoreDC","GetMapMode","CreateBitmap","SelectObject","DeleteObject","IntersectClipRect","BitBlt","SetTextColor","CreatePatternBrush","ExtTextOutW","GetObjectW","CreateEllipticRgn","GetTextExtentPoint32W","RectVisible","GetStockObject","SetViewportOrgEx","ScaleWindowExtEx","SetBkColor","PtVisible","ExtSelectClipRgn","SelectClipRgn","CreateCompatibleDC","ScaleViewportExtEx","CreateRectRgn","GetBkColor","Ellipse","CreateCompatibleBitmap","SetWindowExtEx","GetTextColor","CreateSolidBrush","Escape","GetViewportExtEx","SetViewportExtEx","SetRectRgn"],"library_name":"GDI32.dll"},{"imported_functions":["RegCreateKeyExW","RegDeleteValueW","GetFileSecurityW","RegCloseKey","RegEnumKeyW","RegSetValueExW","RegOpenKeyExW","RegCreateKeyW","RegOpenKeyW","RegDeleteKeyW","RegSetValueW","SetFileSecurityW","RegQueryValueExW","RegQueryValueW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetStdHandle","FileTimeToSystemTime","HeapDestroy","GetFileAttributesW","lstrcmpW","FreeEnvironmentStringsA","DeleteCriticalSection","GetCurrentProcess","GetLocaleInfoA","LocalAlloc","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","lstrcatW","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","LoadLibraryW","GetStringTypeA","GetDiskFreeSpaceW","InterlockedExchange","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","LocalFree","FormatMessageW","InitializeCriticalSection","LoadResource","GetStringTypeExW","FindClose","TlsGetValue","MoveFileW","GetFullPathNameW","GetCurrentThread","SetLastError","GlobalFindAtomW","GetModuleFileNameW","ExitProcess","GetVersionExA","GetModuleFileNameA","GlobalHandle","LoadLibraryA","EnumResourceLanguagesW","GetVolumeInformationW","InterlockedDecrement","MultiByteToWideChar","GetPrivateProfileStringW","GetModuleHandleA","GlobalAddAtomW","SetUnhandledExceptionFilter","ConvertDefaultLocale","MulDiv","SetEnvironmentVariableA","TerminateProcess","GetVersion","VirtualQuery","LocalFileTimeToFileTime","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","HeapFree","EnterCriticalSection","SetHandleCount","lstrcmpiA","GlobalGetAtomNameW","GetVersionExW","GetOEMCP","QueryPerformanceCounter","GetTickCount","IsBadWritePtr","TlsAlloc","VirtualProtect","FlushFileBuffers","lstrcmpiW","RtlUnwind","GetStartupInfoA","UnlockFile","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","DeleteFileW","GlobalLock","GetPrivateProfileIntW","GetTempFileNameW","CompareStringW","lstrcpyW","GlobalReAlloc","lstrcmpA","CompareStringA","FindFirstFileW","DuplicateHandle","GetProcAddress","GlobalAlloc","GetTimeZoneInformation","CreateFileW","GetFileType","TlsSetValue","HeapAlloc","LeaveCriticalSection","GetLastError","LocalReAlloc","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","GetSystemInfo","lstrlenA","GlobalFree","LCMapStringA","GetThreadLocale","GetEnvironmentStringsW","GlobalUnlock","LockFile","lstrlenW","FileTimeToLocalFileTime","GetEnvironmentStrings","GetCurrentDirectoryW","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","WideCharToMultiByte","HeapSize","GetCommandLineA","WritePrivateProfileStringW","lstrcpynW","RaiseException","TlsFree","SetFilePointer","ReadFile","GlobalFlags","CloseHandle","GetACP","GetModuleHandleW","FreeResource","SizeofResource","HeapCreate","FindResourceW","VirtualFree","IsBadReadPtr","IsBadCodePtr","VirtualAlloc"],"library_name":"KERNEL32.dll"},{"imported_functions":["GdipCreateBitmapFromScan0","GdiplusShutdown","GdipGetImageEncodersSize","GdipGetImageEncoders","GdipFree","GdipGetDC","GdipCloneImage","GdipAlloc","GdipDisposeImage","GdipSaveImageToFile","GdipReleaseDC","GdipGetImageGraphicsContext","GdipDeleteGraphics","GdiplusStartup"],"library_name":"gdiplus.dll"},{"imported_functions":["OleCreateFontIndirect","SafeArrayAccessData","SafeArrayGetLBound","SafeArrayGetUBound","SystemTimeToVariantTime","SysAllocStringLen","SafeArrayUnaccessData","VariantChangeType","VariantClear","SysAllocString","SafeArrayDestroy","SafeArrayCreate","VariantCopy","VariantInit","SafeArrayGetElemsize","SafeArrayGetDim","SysFreeString","SysStringLen"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","DragFinish","SHGetFileInfoW","ExtractIconW"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoTaskMemFree","CoTaskMemAlloc","StgCreateDocfileOnILockBytes","OleFlushClipboard","CoGetClassObject","CLSIDFromProgID","CoRevokeClassObject","CoFreeUnusedLibraries","CoRegisterMessageFilter","StgOpenStorageOnILockBytes","OleIsCurrentClipboard","CLSIDFromString","CreateILockBytesOnHGlobal","OleInitialize"],"library_name":"ole32.dll"},{"imported_functions":["PathIsUNCW","PathStripToRootW","PathFindExtensionW","PathFindFileNameW"],"library_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","GetForegroundWindow","SetWindowRgn","SetMenuItemBitmaps","LoadBitmapW","SetRectEmpty","DestroyMenu","PostQuitMessage","GetMessagePos","SetWindowPos","GetNextDlgTabItem","IsWindow","GrayStringW","EndPaint","WindowFromPoint","IntersectRect","CopyRect","GetMessageTime","SetActiveWindow","DispatchMessageW","GetCursorPos","MapDialogRect","GetDlgCtrlID","GetMenu","UnregisterClassW","GetClientRect","DrawTextW","SetScrollPos","CallNextHookEx","GetTopWindow","GetWindowTextW","CopyAcceleratorTableW","GetWindowTextLengthW","LoadAcceleratorsW","ScrollWindow","InvalidateRgn","GetMenuItemID","DestroyWindow","GetClassInfoExW","UpdateWindow","GetPropW","EqualRect","GetMessageW","ShowWindow","GetNextDlgGroupItem","SetPropW","ValidateRect","PeekMessageW","InsertMenuItemW","CharUpperW","LoadIconW","EnableWindow","TranslateMessage","IsWindowEnabled","GetWindow","SetParent","RegisterClassW","IsZoomed","GetWindowPlacement","EnableMenuItem","GetSubMenu","SetTimer","GetActiveWindow","IsDialogMessageW","FillRect","SetWindowContextHelpId","GetSysColorBrush","GetClassInfoW","CreateWindowExW","TabbedTextOutW","GetWindowLongW","GetMenuItemInfoW","IsChild","MapWindowPoints","RegisterWindowMessageW","ReleaseCapture","IsIconic","BeginPaint","OffsetRect","DefWindowProcW","GetScrollPos","KillTimer","TranslateAcceleratorW","GetParent","SendDlgItemMessageA","GetSystemMetrics","SetWindowLongW","SetScrollRange","GetWindowRect","InflateRect","SetCapture","DrawIcon","GetScrollRange","ShowOwnedPopups","SendDlgItemMessageW","PostMessageW","GetScrollInfo","CreatePopupMenu","CheckMenuItem","GetClassLongW","GetLastActivePopup","PtInRect","SetWindowTextW","GetDCEx","GetDlgItem","RemovePropW","BringWindowToTop","ClientToScreen","TrackPopupMenu","PostThreadMessageW","GetMenuItemCount","GetMenuState","SetWindowsHookExW","LoadCursorW","GetSystemMenu","ReuseDDElParam","GetDC","InsertMenuW","SetForegroundWindow","GetMenuStringW","CreateDialogIndirectParamW","ReleaseDC","DrawTextExW","EndDialog","FindWindowW","GetCapture","ScreenToClient","MessageBeep","LoadMenuW","DeferWindowPos","BeginDeferWindowPos","MessageBoxW","SendMessageW","LockWindowUpdate","UnhookWindowsHookEx","MoveWindow","AppendMenuW","GetWindowDC","AdjustWindowRectEx","GetSysColor","RegisterClipboardFormatW","SetScrollInfo","GetKeyState","EndDeferWindowPos","SystemParametersInfoA","DestroyIcon","ShowScrollBar","WinHelpW","GetDesktopWindow","UnpackDDElParam","SystemParametersInfoW","SetRect","DeleteMenu","InvalidateRect","CharNextW","CallWindowProcW","GetClassNameW","ModifyMenuW","IsRectEmpty","GetFocus","wsprintfW","IsWindowVisible","SetCursor","SetMenu","GetMenuCheckMarkDimensions"],"library_name":"USER32.dll"},{"imported_functions":["OleUIBusyW"],"library_name":"oledlg.dll"}],"machine_type":332,"resource_details":[{"chi2":20527.75,"entropy":3.026951551437378,"filetype":"Data","lang":"ENGLISH US","sha256":"fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867","type":"RT_CURSOR"},{"chi2":18573.416015625,"entropy":2.7427444458007812,"filetype":"Data","lang":"ENGLISH US","sha256":"f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3","type":"RT_CURSOR"},{"chi2":25932.00390625,"entropy":2.3403780460357666,"filetype":"Data","lang":"ENGLISH US","sha256":"652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72","type":"RT_CURSOR"},{"chi2":25714.23828125,"entropy":2.3400356769561768,"filetype":"Data","lang":"ENGLISH US","sha256":"0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee","type":"RT_CURSOR"},{"chi2":23739.37109375,"entropy":2.5164902210235596,"filetype":"Data","lang":"ENGLISH US","sha256":"368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169","type":"RT_CURSOR"},{"chi2":24244.720703125,"entropy":2.4540092945098877,"filetype":"Data","lang":"ENGLISH US","sha256":"6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152","type":"RT_CURSOR"},{"chi2":26435.69921875,"entropy":2.345054864883423,"filetype":"Data","lang":"ENGLISH US","sha256":"322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62","type":"RT_CURSOR"},{"chi2":26837.984375,"entropy":2.3111374378204346,"filetype":"Data","lang":"ENGLISH US","sha256":"f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f","type":"RT_CURSOR"},{"chi2":16714.326171875,"entropy":3.3360934257507324,"filetype":"Data","lang":"ENGLISH US","sha256":"601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da","type":"RT_CURSOR"},{"chi2":20248.46484375,"entropy":2.8131332397460938,"filetype":"Data","lang":"ENGLISH US","sha256":"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6","type":"RT_CURSOR"},{"chi2":11233.6103515625,"entropy":3.8149096965789795,"filetype":"Data","lang":"ENGLISH US","sha256":"cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396","type":"RT_CURSOR"},{"chi2":30411.99609375,"entropy":2.1001555919647217,"filetype":"Data","lang":"ENGLISH US","sha256":"c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26","type":"RT_CURSOR"},{"chi2":31043.689453125,"entropy":1.9705222845077515,"filetype":"Data","lang":"ENGLISH US","sha256":"f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0","type":"RT_CURSOR"},{"chi2":28832.78125,"entropy":2.2269911766052246,"filetype":"Data","lang":"ENGLISH US","sha256":"ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c","type":"RT_CURSOR"},{"chi2":24239.744140625,"entropy":2.576014280319214,"filetype":"Data","lang":"ENGLISH US","sha256":"2ce101084b7ecfb1f17b45ff88970e8e54d1e0573ef2abc638842ffa96354818","type":"RT_CURSOR"},{"chi2":18323.111328125,"entropy":2.5794191360473633,"filetype":"Data","lang":"ENGLISH US","sha256":"1aacce915559956f84c4f9a515782c2bb20c5c8a4a6d3eee95281c88b111c6af","type":"RT_CURSOR"},{"chi2":48765.53515625,"entropy":3.2981557846069336,"filetype":"Data","lang":"ENGLISH US","sha256":"dc48270379b64c2ca1a770f8607a9d69da27c29408f94bd7ba9bc4eb720f8f4f","type":"RT_BITMAP"},{"chi2":15874.4365234375,"entropy":2.236664295196533,"filetype":"Data","lang":"ENGLISH US","sha256":"e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272","type":"RT_BITMAP"},{"chi2":15870.369140625,"entropy":2.876206636428833,"filetype":"Data","lang":"ENGLISH US","sha256":"abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864","type":"RT_BITMAP"},{"chi2":44545.5234375,"entropy":3.67057204246521,"filetype":"Data","lang":"ENGLISH US","sha256":"bc94fa498e4e17b8a4ad8fa141acb3bf406c8ab4ed206bd2c4828de18fca5788","type":"RT_ICON"},{"chi2":17381.76171875,"entropy":3.889598846435547,"filetype":"Data","lang":"ENGLISH US","sha256":"47a37646e78ec1064f9977c5b91d75aec3bd9098366ae87892d983106ae3562f","type":"RT_ICON"},{"chi2":8497.9462890625,"entropy":3.8129916191101074,"filetype":"Data","lang":"ENGLISH US","sha256":"080c4d4ab8f4317ecc301d95aa9379c68fad84193e8d68ec58496dd75bb499ac","type":"RT_ICON"},{"chi2":63842.53125,"entropy":6.1152777671813965,"filetype":"Data","lang":"ENGLISH US","sha256":"71bc1949037ec9a5e452fe45d17847f915e8d4fe0fc7c93f04afc4b9fa2c8d21","type":"RT_ICON"},{"chi2":25177.41015625,"entropy":6.58289909362793,"filetype":"Data","lang":"ENGLISH US","sha256":"eec825f93e23d78c07d473a2943d0ac57fe1273ad168ade77b1d8de51e14ccf7","type":"RT_ICON"},{"chi2":76219.4453125,"entropy":4.95505952835083,"filetype":"Data","lang":"ENGLISH US","sha256":"011d67957189e0bb29affb0bb35477905a267e38658e853c22f1efe2a61ac6af","type":"RT_ICON"},{"chi2":241559.140625,"entropy":5.70783805847168,"filetype":"Data","lang":"ENGLISH US","sha256":"df70c108c86ed1fa5f54b7bc083931939ab218b53a9034097ed8b52ad99d2abb","type":"RT_ICON"},{"chi2":77506.40625,"entropy":6.079914569854736,"filetype":"Data","lang":"ENGLISH US","sha256":"e97c1ce2d253cfd656eb21a51ade6557791d6b6aef90c2622dc6591f7a773425","type":"RT_ICON"},{"chi2":15272.4599609375,"entropy":6.276120662689209,"filetype":"Data","lang":"ENGLISH US","sha256":"f7cde5b945fda1f6c8843cd5bc5c645cc52055db42d6087f0dd98407417a5a0c","type":"RT_ICON"},{"chi2":54967.65625,"entropy":2.402796745300293,"filetype":"Data","lang":"ENGLISH US","sha256":"c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d","type":"RT_ICON"},{"chi2":21908.541015625,"entropy":2.688976764678955,"filetype":"Data","lang":"ENGLISH US","sha256":"3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9","type":"RT_ICON"},{"chi2":10858.50390625,"entropy":3.258249282836914,"filetype":"Data","lang":"ENGLISH US","sha256":"58117f69794eb7326b592c707478da0c85037d18336c8cf74fd6027cc591c6c4","type":"RT_MENU"},{"chi2":28212.564453125,"entropy":3.2103006839752197,"filetype":"Data","lang":"ENGLISH US","sha256":"f027cb7d29204d8fdab99cf4d645740725756b15a0d620150512052681bbfc62","type":"RT_DIALOG"},{"chi2":20085.009765625,"entropy":2.9993276596069336,"filetype":"Data","lang":"ENGLISH US","sha256":"5c2b9a32381ad093880dea4e120d02a5603246b2bb8f72f72d941870bf474b54","type":"RT_DIALOG"},{"chi2":20890.2109375,"entropy":3.0667619705200195,"filetype":"Data","lang":"ENGLISH US","sha256":"6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3","type":"RT_DIALOG"},{"chi2":36546.46484375,"entropy":3.0239272117614746,"filetype":"Data","lang":"ENGLISH US","sha256":"d97074d6be54221f0bdf28201f1af0ac9f0895a4a5ad47899dc49654f798ac71","type":"RT_DIALOG"},{"chi2":29344.0859375,"entropy":3.1261675357818604,"filetype":"Data","lang":"ENGLISH US","sha256":"2f82e22a5c0ceffe9aa5045eeb144db05b1a4bf1485020800ead187e4e216af5","type":"RT_DIALOG"},{"chi2":17353.91796875,"entropy":2.7014076709747314,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1446a9292f5317240a61493f37d6b1835b48d2624c64b4402aa36784d3e099bd","type":"RT_STRING"},{"chi2":8944.890625,"entropy":2.0907223224639893,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"a7c1353bc3456cd46938e997c4f8e8ec9e850401b9b8d4d7946eb1065cc8ad2f","type":"RT_STRING"},{"chi2":42103.48828125,"entropy":3.12620210647583,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8f65722495e9c0476c52c3b71906b0ec544052a4591b4616430a3baa88157cf5","type":"RT_STRING"},{"chi2":41214.3046875,"entropy":2.9134371280670166,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"3205d9d8683ecd9998428a442a3b721cc7d7ce8d4e4c31063f02d99791dc28d0","type":"RT_STRING"},{"chi2":55396.02734375,"entropy":3.199612617492676,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"fc3f6f769e88ce894bba9f4078aaea4a47db8284f3fafb6ff844f8a5406feaba","type":"RT_STRING"},{"chi2":11705.1435546875,"entropy":2.3812334537506104,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"51e46939a67865d6b8ac14859e035fb360773e494243ba263a65b8ec06944ea2","type":"RT_STRING"},{"chi2":21027.025390625,"entropy":2.9904301166534424,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"5b8e0bfb7c789c6bfdc4be2af9f36346c0e41e7ad22c8edcc661af0e8b53dbd2","type":"RT_STRING"},{"chi2":18246.87890625,"entropy":2.8355727195739746,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"f4d2054bad5a30d07ffde08fafdf7a0deed4e343526816a67ecbbd068b84ad81","type":"RT_STRING"},{"chi2":7551.48583984375,"entropy":2.2685282230377197,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d","type":"RT_STRING"},{"chi2":16961.759765625,"entropy":2.74092960357666,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8b64c7b314ec82b8d9a5584bca52110faf36ffa86317f2e98957a8665fe97a68","type":"RT_STRING"},{"chi2":36189.33203125,"entropy":3.0477657318115234,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0cce65df387f67147c75ac921bc6512fb5fc8dc86d3a60a2e0c2ba2d4845539b","type":"RT_STRING"},{"chi2":12769.16015625,"entropy":2.62539005279541,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"934c6ae73724aa444c9e02c81312cec0d60006e496e65664eb5069e1378e6cee","type":"RT_STRING"},{"chi2":16399.99609375,"entropy":3.0806007385253906,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"63213f70560632ae4ca4876817064d870fe9a346b64d3cf2f4ea4c1be85aa298","type":"RT_STRING"},{"chi2":7893.99951171875,"entropy":0.9609531760215759,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4","type":"RT_STRING"},{"chi2":29366.591796875,"entropy":3.085610866546631,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"66f1747ba4c17f6fca44818ed98445f01645651c120e72f558245e2df6949d35","type":"RT_STRING"},{"chi2":20694.751953125,"entropy":3.297224998474121,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"407683a58c05c1e2644e8b26cd7dc488186c786ec8f23362aa1215157755a5f2","type":"RT_STRING"},{"chi2":83957,"entropy":3.261389970779419,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"d036e1af5639fb867f5035330e81788bbc24eff762610e3f6bba5d78903a845a","type":"RT_STRING"},{"chi2":55449.9140625,"entropy":3.02530837059021,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c054645d86387fd491743027e6c2284d6a7262f6aced9321cbc1465cef2b6b1f","type":"RT_STRING"},{"chi2":51396.890625,"entropy":3.1699700355529785,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c1bc5318a82ea1a1809618040026851947f6aa5171d904a9e60966f4551ca1a3","type":"RT_STRING"},{"chi2":12962.5224609375,"entropy":2.7108659744262695,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be","type":"RT_STRING"},{"chi2":15271.3427734375,"entropy":2.6390249729156494,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8","type":"RT_STRING"},{"chi2":18244.58984375,"entropy":2.878065586090088,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc","type":"RT_STRING"},{"chi2":81938.0390625,"entropy":3.2325892448425293,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"36db380991291cac5c99e42332efda20210f63985544d95e8fa6ef85bf2bdf8e","type":"RT_STRING"},{"chi2":43175.703125,"entropy":3.0946567058563232,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"7f51554313c6765ba649783a942064cdfe6f5a70248a6f56840f71969f87ced0","type":"RT_STRING"},{"chi2":7961.8193359375,"entropy":1.0787549018859863,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95","type":"RT_STRING"},{"chi2":8288.9111328125,"entropy":1.959641933441162,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212","type":"RT_STRING"},{"chi2":8061.71533203125,"entropy":2.9474713802337646,"filetype":"Data","lang":"ENGLISH US","sha256":"6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a","type":"RT_ACCELERATOR"},{"chi2":2023.999755859375,"entropy":2.184317111968994,"filetype":"Data","lang":"ENGLISH US","sha256":"ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785","type":"RT_ACCELERATOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"e6854ff594bf0bbca42b4ae0894dc26e19429b08f5e577e1cfac899c1722ad39","type":"RT_GROUP_CURSOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"a6a82549bab9012b198a727d469aaa464b98e7fc247ab8a85bf16cacdfab4802","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"60a0a8bc0169228c8af42c377d93a218ccc9712a17b76ef014f81e156a36c66f","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b077d477d0775d0b86be9bedee8ec134bdc213d6941e9ae60adcf8bdd18623cc","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"90b143ec83ef48639ea48969a1d0850aa14b573b48dadef87e4230e42bdb5971","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba","type":"RT_GROUP_CURSOR"},{"chi2":8583.6376953125,"entropy":3.0013043880462646,"filetype":"Data","lang":"ENGLISH US","sha256":"8852374fd48240e910182f0fcb091ed5d81ad36a024abdaaf483b8d09c599a9e","type":"RT_GROUP_ICON"},{"chi2":2254.94091796875,"entropy":2.5580508708953857,"filetype":"Data","lang":"ENGLISH US","sha256":"55d2b7489ae3e0ec0a6fb0755d92983c2ee6d333d66a937881c107a694c088c2","type":"RT_GROUP_ICON"},{"chi2":66921.40625,"entropy":3.420238733291626,"filetype":"Data","lang":"ENGLISH US","sha256":"493e13ed9d1be00fbec94c351e364ff221cee62df92323f19a914edf3813c172","type":"RT_VERSION"},{"chi2":1416.5716552734375,"entropy":2.8598792552948,"filetype":"Data","lang":"ENGLISH US","sha256":"4a9ddd567a13d9d147d000cc776815a583857849927d8fd91b8a4d73c9a5433d","type":"Struct(241)"},{"chi2":1003.6127319335938,"entropy":7.988063812255859,"filetype":"Data","lang":"ENGLISH US","sha256":"96be696b5d4f4497eb61228542fb581cc0b39f25ffdf45b31108a67c06743da7","type":"Struct(1687)"}],"resource_langs":{"ENGLISH US":87},"resource_types":{"RT_ACCELERATOR":2,"RT_BITMAP":3,"RT_CURSOR":18,"RT_DIALOG":5,"RT_GROUP_CURSOR":16,"RT_GROUP_ICON":2,"RT_ICON":11,"RT_MENU":1,"RT_STRING":26,"RT_VERSION":1,"Struct(1687)":1,"Struct(241)":1},"rich_pe_header_hash":"77c45911f57e2974050c9f737e3771e9","sections":[{"chi2":1366774.75,"entropy":6.55,"flags":"rx","md5":"515a0b066b025e46b41b827eae903cbe","name":".text","raw_size":237568,"virtual_address":4096,"virtual_size":235059},{"chi2":3440810.75,"entropy":4.86,"flags":"r","md5":"814659d1dacc9eea43dbd7e8b2a892bd","name":".rdata","raw_size":69632,"virtual_address":241664,"virtual_size":68819},{"chi2":974842.25,"entropy":3.8,"flags":"rw","md5":"5fe8041aa74d3a9055516a4dbca0dd59","name":".data","raw_size":12288,"virtual_address":311296,"virtual_size":25044},{"chi2":1215250.88,"entropy":6.96,"flags":"r","md5":"b1fdb32dea84a0258e2f877f1ace347c","name":".rsrc","raw_size":110592,"virtual_address":339968,"virtual_size":107536}],"timestamp":1601030449},"reputation":0,"sha1":"5dce34edac03c3fe6236e36a7afce5061ee7d9f1","sha256":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","signature_info":{"copyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","description":"TODO: \u003cFile description\u003e","file version":"1.0.0.1","internal name":"WebPageSnapShot.exe","original name":"WebPageSnapShot.exe","product":"TODO: \u003cProduct name\u003e"},"size":434176,"ssdeep":"6144:4abhDkzV+z3ItUUiCFYcK/7X0XfGkDmrDI3A4KFzq+EP78YaAy2+1Oo:4YhozVKIixT7XFPc31ixEP7Z","tags":["peexe"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"InstallShield setup","probability":40},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":29},{"file_type":"Win16 NE executable (generic)","probability":13},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.1},{"file_type":"Win32 Executable (generic)","probability":4.1}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"045046655d1560e040500340098zf125z40400a5ez1"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596582889184556-4642050303721472-fdc7cb12d2f4c1ba3d758a14b383df1e","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["function_capabilities","procmessages","2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"],"rule_name":"ProcMessages","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","links":{"self":"https://www.virustotal.com/api/v3/files/2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596605914341828-4642050303721472-a8dbdbfe0f0f9ceb02f00bd44e016b84","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","newsecuritydescriptor"],"rule_name":"NewSecurityDescriptor","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"14d4dbf45b66ba128ed3c6c6a54d48c3d2d913dd30641b426298b1430bc2667b","capabilities_tags":["win_registry","keylogger","screenshot","win_files_operation"],"creation_date":1601030449,"downloadable":true,"exiftool":{"CharacterSet":"Windows, Latin1","CodeSize":"237568","CompanyName":"TODO: \u003cCompany name\u003e","EntryPoint":"0xdec3","FileDescription":"TODO: \u003cFile description\u003e","FileFlagsMask":"0x003f","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"1.0.0.1","FileVersionNumber":"1.0.0.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"208896","InternalName":"WebPageSnapShot.exe","LanguageCode":"English (U.S.)","LegalCopyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","LinkerVersion":"7.1","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","OriginalFileName":"WebPageSnapShot.exe","PEType":"PE32","ProductName":"TODO: \u003cProduct name\u003e","ProductVersion":"1.0.0.1","ProductVersionNumber":"1.0.0.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2020:09:25 10:40:49+00:00","UninitializedDataSize":"0"},"first_submission_date":1601042407,"last_analysis_date":1601755449,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.Agent.Emotet"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43958861"},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.Emotet.L!c"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C4199919"},"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Emotet.5ef36210"},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Banker]/Win32.Emotet"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29EC24D"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AD.Emotet.ukflj"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43958861"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.EmotetNTR.Trojan"},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Exar-9769617-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 85)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Emotet.EJVS-5757"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader34.53409"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Emotet.CB"},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Emotet (A)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AD.Emotet.ukflj"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Emotet.1029!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Banker.Agent"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/Generic-R + Troj/Emotet-CPH"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Banker.Emotet.org"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=89)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.MalPack.TRE"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.11417434.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Emotet-FSF!EC15B8B7253B"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Emotet.gh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Emotet!rfn"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Emotet.hwqnvg"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Generic/Trojan.45c"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Kryptik!1.CC98 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Emotet-CPH"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Emotet"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"malicious","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":"Trojan/W32.Agent.434176.YJ"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.Trojan.Zenpak"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"malicious","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":"Trojan.Win32.Z.Emoteto.434176.FR"},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Emotet.Win32.32298"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":18},"last_modification_date":1601755671,"last_submission_date":1601042407,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"796868e8aa9a88ac","raw_md5":"8297bdd48159ad5678ffab8174e1760c"},"md5":"ec15b8b7253bc4f9f838fc2f36915c49","meaningful_name":"WebPageSnapShot.exe","names":["WebPageSnapShot.exe","emotet_exe_e1_2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca_2020-09-25__140003.exe_20200925_104049+0000"],"packers":{"PEiD":"Microsoft Visual C++ v7.0"},"pe_info":{"compiler_product_versions":["id: 95, version: 2179 count=13","id: 25, version: 9210 count=6","id: 93, version: 2067 count=2","id: 93, version: 2179 count=19","[---] Unmarked objects count=582","[ASM] VS2003 (.NET) build 3077 count=25","[ C ] VS2003 (.NET) build 3077 count=144","[C++] VS2003 (.NET) build 3077 count=128","[EXP] VS2003 (.NET) build 3077 count=1","[RES] VS2003 (.NET) build 3052 count=1","[LNK] VS2003 (.NET) build 3077 count=1"],"debug":[{"codeview":{"age":1,"guid":"453e9215-df98-4201-b93c-0aa2bc59d2f5","name":"c:\\Users\\Dodo\\Downloads\\WebPageSnapShot\\Release\\WebPageSnapShot.pdb","signature":"RSDS"},"offset":278968,"size":92,"timestamp":"Fri Sep 25 10:40:49 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"}],"entry_point":57027,"exports":["y6ithgrhhytt"],"imphash":"8c471737d4ce5b46ac449fd535d18851","import_list":[{"imported_functions":["CommDlgExtendedError","GetSaveFileNameW","PrintDlgW","GetFileTitleW","GetOpenFileNameW"],"library_name":"comdlg32.dll"},{"imported_functions":["ImageList_Draw","Ord(17)","ImageList_GetImageInfo","ImageList_Destroy"],"library_name":"COMCTL32.dll"},{"imported_functions":["ClosePrinter","DocumentPropertiesW","OpenPrinterW"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["GetTextMetricsW","SetMapMode","TextOutW","CreateFontIndirectW","SetBkMode","PatBlt","GetRgnBox","SaveDC","CreateRectRgnIndirect","LPtoDP","CombineRgn","GetClipBox","GetWindowExtEx","GetPixel","GetDeviceCaps","ExcludeClipRect","OffsetViewportOrgEx","DeleteDC","RestoreDC","GetMapMode","CreateBitmap","SelectObject","DeleteObject","IntersectClipRect","BitBlt","SetTextColor","CreatePatternBrush","ExtTextOutW","GetObjectW","CreateEllipticRgn","GetTextExtentPoint32W","RectVisible","GetStockObject","SetViewportOrgEx","ScaleWindowExtEx","SetBkColor","PtVisible","ExtSelectClipRgn","SelectClipRgn","CreateCompatibleDC","ScaleViewportExtEx","CreateRectRgn","GetBkColor","Ellipse","CreateCompatibleBitmap","SetWindowExtEx","GetTextColor","CreateSolidBrush","Escape","GetViewportExtEx","SetViewportExtEx","SetRectRgn"],"library_name":"GDI32.dll"},{"imported_functions":["RegCreateKeyExW","RegDeleteValueW","GetFileSecurityW","RegCloseKey","RegEnumKeyW","RegSetValueExW","RegOpenKeyExW","RegCreateKeyW","RegOpenKeyW","RegDeleteKeyW","RegSetValueW","SetFileSecurityW","RegQueryValueExW","RegQueryValueW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetStdHandle","FileTimeToSystemTime","HeapDestroy","GetFileAttributesW","lstrcmpW","FreeEnvironmentStringsA","DeleteCriticalSection","GetCurrentProcess","GetLocaleInfoA","LocalAlloc","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","lstrcatW","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","LoadLibraryW","GetStringTypeA","GetDiskFreeSpaceW","InterlockedExchange","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","LocalFree","FormatMessageW","InitializeCriticalSection","LoadResource","GetStringTypeExW","FindClose","TlsGetValue","MoveFileW","GetFullPathNameW","GetCurrentThread","SetLastError","GlobalFindAtomW","GetModuleFileNameW","ExitProcess","GetVersionExA","GetModuleFileNameA","GlobalHandle","LoadLibraryA","EnumResourceLanguagesW","GetVolumeInformationW","InterlockedDecrement","MultiByteToWideChar","GetPrivateProfileStringW","GetModuleHandleA","GlobalAddAtomW","SetUnhandledExceptionFilter","ConvertDefaultLocale","MulDiv","SetEnvironmentVariableA","TerminateProcess","GetVersion","VirtualQuery","LocalFileTimeToFileTime","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","HeapFree","EnterCriticalSection","SetHandleCount","lstrcmpiA","GlobalGetAtomNameW","GetVersionExW","GetOEMCP","QueryPerformanceCounter","GetTickCount","IsBadWritePtr","TlsAlloc","VirtualProtect","FlushFileBuffers","lstrcmpiW","RtlUnwind","GetStartupInfoA","UnlockFile","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","DeleteFileW","GlobalLock","GetPrivateProfileIntW","GetTempFileNameW","CompareStringW","lstrcpyW","GlobalReAlloc","lstrcmpA","CompareStringA","FindFirstFileW","DuplicateHandle","GetProcAddress","GlobalAlloc","GetTimeZoneInformation","CreateFileW","GetFileType","TlsSetValue","HeapAlloc","LeaveCriticalSection","GetLastError","LocalReAlloc","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","GetSystemInfo","lstrlenA","GlobalFree","LCMapStringA","GetThreadLocale","GetEnvironmentStringsW","GlobalUnlock","LockFile","lstrlenW","FileTimeToLocalFileTime","GetEnvironmentStrings","GetCurrentDirectoryW","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","WideCharToMultiByte","HeapSize","GetCommandLineA","WritePrivateProfileStringW","lstrcpynW","RaiseException","TlsFree","SetFilePointer","ReadFile","GlobalFlags","CloseHandle","GetACP","GetModuleHandleW","FreeResource","SizeofResource","HeapCreate","FindResourceW","VirtualFree","IsBadReadPtr","IsBadCodePtr","VirtualAlloc"],"library_name":"KERNEL32.dll"},{"imported_functions":["GdipCreateBitmapFromScan0","GdiplusShutdown","GdipGetImageEncodersSize","GdipGetImageEncoders","GdipFree","GdipGetDC","GdipCloneImage","GdipAlloc","GdipDisposeImage","GdipSaveImageToFile","GdipReleaseDC","GdipGetImageGraphicsContext","GdipDeleteGraphics","GdiplusStartup"],"library_name":"gdiplus.dll"},{"imported_functions":["OleCreateFontIndirect","SafeArrayAccessData","SafeArrayGetLBound","SafeArrayGetUBound","SystemTimeToVariantTime","SysAllocStringLen","SafeArrayUnaccessData","VariantChangeType","VariantClear","SysAllocString","SafeArrayDestroy","SafeArrayCreate","VariantCopy","VariantInit","SafeArrayGetElemsize","SafeArrayGetDim","SysFreeString","SysStringLen"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","DragFinish","SHGetFileInfoW","ExtractIconW"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoTaskMemFree","CoTaskMemAlloc","StgCreateDocfileOnILockBytes","OleFlushClipboard","CoGetClassObject","CLSIDFromProgID","CoRevokeClassObject","CoFreeUnusedLibraries","CoRegisterMessageFilter","StgOpenStorageOnILockBytes","OleIsCurrentClipboard","CLSIDFromString","CreateILockBytesOnHGlobal","OleInitialize"],"library_name":"ole32.dll"},{"imported_functions":["PathIsUNCW","PathStripToRootW","PathFindExtensionW","PathFindFileNameW"],"library_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","GetForegroundWindow","SetWindowRgn","SetMenuItemBitmaps","LoadBitmapW","SetRectEmpty","DestroyMenu","PostQuitMessage","GetMessagePos","SetWindowPos","GetNextDlgTabItem","IsWindow","GrayStringW","EndPaint","WindowFromPoint","IntersectRect","CopyRect","GetMessageTime","SetActiveWindow","DispatchMessageW","GetCursorPos","MapDialogRect","GetDlgCtrlID","GetMenu","UnregisterClassW","GetClientRect","DrawTextW","SetScrollPos","CallNextHookEx","GetTopWindow","GetWindowTextW","CopyAcceleratorTableW","GetWindowTextLengthW","LoadAcceleratorsW","ScrollWindow","InvalidateRgn","GetMenuItemID","DestroyWindow","GetClassInfoExW","UpdateWindow","GetPropW","EqualRect","GetMessageW","ShowWindow","GetNextDlgGroupItem","SetPropW","ValidateRect","PeekMessageW","InsertMenuItemW","CharUpperW","LoadIconW","EnableWindow","TranslateMessage","IsWindowEnabled","GetWindow","SetParent","RegisterClassW","IsZoomed","GetWindowPlacement","EnableMenuItem","GetSubMenu","SetTimer","GetActiveWindow","IsDialogMessageW","FillRect","SetWindowContextHelpId","GetSysColorBrush","GetClassInfoW","CreateWindowExW","TabbedTextOutW","GetWindowLongW","GetMenuItemInfoW","IsChild","MapWindowPoints","RegisterWindowMessageW","ReleaseCapture","IsIconic","BeginPaint","OffsetRect","DefWindowProcW","GetScrollPos","KillTimer","TranslateAcceleratorW","GetParent","SendDlgItemMessageA","GetSystemMetrics","SetWindowLongW","SetScrollRange","GetWindowRect","InflateRect","SetCapture","DrawIcon","GetScrollRange","ShowOwnedPopups","SendDlgItemMessageW","PostMessageW","GetScrollInfo","CreatePopupMenu","CheckMenuItem","GetClassLongW","GetLastActivePopup","PtInRect","SetWindowTextW","GetDCEx","GetDlgItem","RemovePropW","BringWindowToTop","ClientToScreen","TrackPopupMenu","PostThreadMessageW","GetMenuItemCount","GetMenuState","SetWindowsHookExW","LoadCursorW","GetSystemMenu","ReuseDDElParam","GetDC","InsertMenuW","SetForegroundWindow","GetMenuStringW","CreateDialogIndirectParamW","ReleaseDC","DrawTextExW","EndDialog","FindWindowW","GetCapture","ScreenToClient","MessageBeep","LoadMenuW","DeferWindowPos","BeginDeferWindowPos","MessageBoxW","SendMessageW","LockWindowUpdate","UnhookWindowsHookEx","MoveWindow","AppendMenuW","GetWindowDC","AdjustWindowRectEx","GetSysColor","RegisterClipboardFormatW","SetScrollInfo","GetKeyState","EndDeferWindowPos","SystemParametersInfoA","DestroyIcon","ShowScrollBar","WinHelpW","GetDesktopWindow","UnpackDDElParam","SystemParametersInfoW","SetRect","DeleteMenu","InvalidateRect","CharNextW","CallWindowProcW","GetClassNameW","ModifyMenuW","IsRectEmpty","GetFocus","wsprintfW","IsWindowVisible","SetCursor","SetMenu","GetMenuCheckMarkDimensions"],"library_name":"USER32.dll"},{"imported_functions":["OleUIBusyW"],"library_name":"oledlg.dll"}],"machine_type":332,"resource_details":[{"chi2":20527.75,"entropy":3.026951551437378,"filetype":"Data","lang":"ENGLISH US","sha256":"fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867","type":"RT_CURSOR"},{"chi2":18573.416015625,"entropy":2.7427444458007812,"filetype":"Data","lang":"ENGLISH US","sha256":"f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3","type":"RT_CURSOR"},{"chi2":25932.00390625,"entropy":2.3403780460357666,"filetype":"Data","lang":"ENGLISH US","sha256":"652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72","type":"RT_CURSOR"},{"chi2":25714.23828125,"entropy":2.3400356769561768,"filetype":"Data","lang":"ENGLISH US","sha256":"0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee","type":"RT_CURSOR"},{"chi2":23739.37109375,"entropy":2.5164902210235596,"filetype":"Data","lang":"ENGLISH US","sha256":"368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169","type":"RT_CURSOR"},{"chi2":24244.720703125,"entropy":2.4540092945098877,"filetype":"Data","lang":"ENGLISH US","sha256":"6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152","type":"RT_CURSOR"},{"chi2":26435.69921875,"entropy":2.345054864883423,"filetype":"Data","lang":"ENGLISH US","sha256":"322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62","type":"RT_CURSOR"},{"chi2":26837.984375,"entropy":2.3111374378204346,"filetype":"Data","lang":"ENGLISH US","sha256":"f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f","type":"RT_CURSOR"},{"chi2":16714.326171875,"entropy":3.3360934257507324,"filetype":"Data","lang":"ENGLISH US","sha256":"601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da","type":"RT_CURSOR"},{"chi2":20248.46484375,"entropy":2.8131332397460938,"filetype":"Data","lang":"ENGLISH US","sha256":"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6","type":"RT_CURSOR"},{"chi2":11233.6103515625,"entropy":3.8149096965789795,"filetype":"Data","lang":"ENGLISH US","sha256":"cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396","type":"RT_CURSOR"},{"chi2":30411.99609375,"entropy":2.1001555919647217,"filetype":"Data","lang":"ENGLISH US","sha256":"c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26","type":"RT_CURSOR"},{"chi2":31043.689453125,"entropy":1.9705222845077515,"filetype":"Data","lang":"ENGLISH US","sha256":"f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0","type":"RT_CURSOR"},{"chi2":28832.78125,"entropy":2.2269911766052246,"filetype":"Data","lang":"ENGLISH US","sha256":"ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c","type":"RT_CURSOR"},{"chi2":24239.744140625,"entropy":2.576014280319214,"filetype":"Data","lang":"ENGLISH US","sha256":"2ce101084b7ecfb1f17b45ff88970e8e54d1e0573ef2abc638842ffa96354818","type":"RT_CURSOR"},{"chi2":18323.111328125,"entropy":2.5794191360473633,"filetype":"Data","lang":"ENGLISH US","sha256":"1aacce915559956f84c4f9a515782c2bb20c5c8a4a6d3eee95281c88b111c6af","type":"RT_CURSOR"},{"chi2":48765.53515625,"entropy":3.2981557846069336,"filetype":"Data","lang":"ENGLISH US","sha256":"dc48270379b64c2ca1a770f8607a9d69da27c29408f94bd7ba9bc4eb720f8f4f","type":"RT_BITMAP"},{"chi2":15874.4365234375,"entropy":2.236664295196533,"filetype":"Data","lang":"ENGLISH US","sha256":"e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272","type":"RT_BITMAP"},{"chi2":15870.369140625,"entropy":2.876206636428833,"filetype":"Data","lang":"ENGLISH US","sha256":"abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864","type":"RT_BITMAP"},{"chi2":44545.5234375,"entropy":3.67057204246521,"filetype":"Data","lang":"ENGLISH US","sha256":"bc94fa498e4e17b8a4ad8fa141acb3bf406c8ab4ed206bd2c4828de18fca5788","type":"RT_ICON"},{"chi2":17381.76171875,"entropy":3.889598846435547,"filetype":"Data","lang":"ENGLISH US","sha256":"47a37646e78ec1064f9977c5b91d75aec3bd9098366ae87892d983106ae3562f","type":"RT_ICON"},{"chi2":8497.9462890625,"entropy":3.8129916191101074,"filetype":"Data","lang":"ENGLISH US","sha256":"080c4d4ab8f4317ecc301d95aa9379c68fad84193e8d68ec58496dd75bb499ac","type":"RT_ICON"},{"chi2":63842.53125,"entropy":6.1152777671813965,"filetype":"Data","lang":"ENGLISH US","sha256":"71bc1949037ec9a5e452fe45d17847f915e8d4fe0fc7c93f04afc4b9fa2c8d21","type":"RT_ICON"},{"chi2":25177.41015625,"entropy":6.58289909362793,"filetype":"Data","lang":"ENGLISH US","sha256":"eec825f93e23d78c07d473a2943d0ac57fe1273ad168ade77b1d8de51e14ccf7","type":"RT_ICON"},{"chi2":76219.4453125,"entropy":4.95505952835083,"filetype":"Data","lang":"ENGLISH US","sha256":"011d67957189e0bb29affb0bb35477905a267e38658e853c22f1efe2a61ac6af","type":"RT_ICON"},{"chi2":241559.140625,"entropy":5.70783805847168,"filetype":"Data","lang":"ENGLISH US","sha256":"df70c108c86ed1fa5f54b7bc083931939ab218b53a9034097ed8b52ad99d2abb","type":"RT_ICON"},{"chi2":77506.40625,"entropy":6.079914569854736,"filetype":"Data","lang":"ENGLISH US","sha256":"e97c1ce2d253cfd656eb21a51ade6557791d6b6aef90c2622dc6591f7a773425","type":"RT_ICON"},{"chi2":15272.4599609375,"entropy":6.276120662689209,"filetype":"Data","lang":"ENGLISH US","sha256":"f7cde5b945fda1f6c8843cd5bc5c645cc52055db42d6087f0dd98407417a5a0c","type":"RT_ICON"},{"chi2":54967.65625,"entropy":2.402796745300293,"filetype":"Data","lang":"ENGLISH US","sha256":"c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d","type":"RT_ICON"},{"chi2":21908.541015625,"entropy":2.688976764678955,"filetype":"Data","lang":"ENGLISH US","sha256":"3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9","type":"RT_ICON"},{"chi2":10858.50390625,"entropy":3.258249282836914,"filetype":"Data","lang":"ENGLISH US","sha256":"58117f69794eb7326b592c707478da0c85037d18336c8cf74fd6027cc591c6c4","type":"RT_MENU"},{"chi2":28212.564453125,"entropy":3.2103006839752197,"filetype":"Data","lang":"ENGLISH US","sha256":"f027cb7d29204d8fdab99cf4d645740725756b15a0d620150512052681bbfc62","type":"RT_DIALOG"},{"chi2":20085.009765625,"entropy":2.9993276596069336,"filetype":"Data","lang":"ENGLISH US","sha256":"5c2b9a32381ad093880dea4e120d02a5603246b2bb8f72f72d941870bf474b54","type":"RT_DIALOG"},{"chi2":20890.2109375,"entropy":3.0667619705200195,"filetype":"Data","lang":"ENGLISH US","sha256":"6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3","type":"RT_DIALOG"},{"chi2":36546.46484375,"entropy":3.0239272117614746,"filetype":"Data","lang":"ENGLISH US","sha256":"d97074d6be54221f0bdf28201f1af0ac9f0895a4a5ad47899dc49654f798ac71","type":"RT_DIALOG"},{"chi2":29344.0859375,"entropy":3.1261675357818604,"filetype":"Data","lang":"ENGLISH US","sha256":"2f82e22a5c0ceffe9aa5045eeb144db05b1a4bf1485020800ead187e4e216af5","type":"RT_DIALOG"},{"chi2":17353.91796875,"entropy":2.7014076709747314,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1446a9292f5317240a61493f37d6b1835b48d2624c64b4402aa36784d3e099bd","type":"RT_STRING"},{"chi2":8944.890625,"entropy":2.0907223224639893,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"a7c1353bc3456cd46938e997c4f8e8ec9e850401b9b8d4d7946eb1065cc8ad2f","type":"RT_STRING"},{"chi2":42103.48828125,"entropy":3.12620210647583,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8f65722495e9c0476c52c3b71906b0ec544052a4591b4616430a3baa88157cf5","type":"RT_STRING"},{"chi2":41214.3046875,"entropy":2.9134371280670166,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"3205d9d8683ecd9998428a442a3b721cc7d7ce8d4e4c31063f02d99791dc28d0","type":"RT_STRING"},{"chi2":55396.02734375,"entropy":3.199612617492676,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"fc3f6f769e88ce894bba9f4078aaea4a47db8284f3fafb6ff844f8a5406feaba","type":"RT_STRING"},{"chi2":11705.1435546875,"entropy":2.3812334537506104,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"51e46939a67865d6b8ac14859e035fb360773e494243ba263a65b8ec06944ea2","type":"RT_STRING"},{"chi2":21027.025390625,"entropy":2.9904301166534424,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"5b8e0bfb7c789c6bfdc4be2af9f36346c0e41e7ad22c8edcc661af0e8b53dbd2","type":"RT_STRING"},{"chi2":18246.87890625,"entropy":2.8355727195739746,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"f4d2054bad5a30d07ffde08fafdf7a0deed4e343526816a67ecbbd068b84ad81","type":"RT_STRING"},{"chi2":7551.48583984375,"entropy":2.2685282230377197,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d","type":"RT_STRING"},{"chi2":16961.759765625,"entropy":2.74092960357666,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8b64c7b314ec82b8d9a5584bca52110faf36ffa86317f2e98957a8665fe97a68","type":"RT_STRING"},{"chi2":36189.33203125,"entropy":3.0477657318115234,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0cce65df387f67147c75ac921bc6512fb5fc8dc86d3a60a2e0c2ba2d4845539b","type":"RT_STRING"},{"chi2":12769.16015625,"entropy":2.62539005279541,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"934c6ae73724aa444c9e02c81312cec0d60006e496e65664eb5069e1378e6cee","type":"RT_STRING"},{"chi2":16399.99609375,"entropy":3.0806007385253906,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"63213f70560632ae4ca4876817064d870fe9a346b64d3cf2f4ea4c1be85aa298","type":"RT_STRING"},{"chi2":7893.99951171875,"entropy":0.9609531760215759,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4","type":"RT_STRING"},{"chi2":29366.591796875,"entropy":3.085610866546631,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"66f1747ba4c17f6fca44818ed98445f01645651c120e72f558245e2df6949d35","type":"RT_STRING"},{"chi2":20694.751953125,"entropy":3.297224998474121,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"407683a58c05c1e2644e8b26cd7dc488186c786ec8f23362aa1215157755a5f2","type":"RT_STRING"},{"chi2":83957,"entropy":3.261389970779419,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"d036e1af5639fb867f5035330e81788bbc24eff762610e3f6bba5d78903a845a","type":"RT_STRING"},{"chi2":55449.9140625,"entropy":3.02530837059021,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c054645d86387fd491743027e6c2284d6a7262f6aced9321cbc1465cef2b6b1f","type":"RT_STRING"},{"chi2":51396.890625,"entropy":3.1699700355529785,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c1bc5318a82ea1a1809618040026851947f6aa5171d904a9e60966f4551ca1a3","type":"RT_STRING"},{"chi2":12962.5224609375,"entropy":2.7108659744262695,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be","type":"RT_STRING"},{"chi2":15271.3427734375,"entropy":2.6390249729156494,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8","type":"RT_STRING"},{"chi2":18244.58984375,"entropy":2.878065586090088,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc","type":"RT_STRING"},{"chi2":81938.0390625,"entropy":3.2325892448425293,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"36db380991291cac5c99e42332efda20210f63985544d95e8fa6ef85bf2bdf8e","type":"RT_STRING"},{"chi2":43175.703125,"entropy":3.0946567058563232,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"7f51554313c6765ba649783a942064cdfe6f5a70248a6f56840f71969f87ced0","type":"RT_STRING"},{"chi2":7961.8193359375,"entropy":1.0787549018859863,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95","type":"RT_STRING"},{"chi2":8288.9111328125,"entropy":1.959641933441162,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212","type":"RT_STRING"},{"chi2":8061.71533203125,"entropy":2.9474713802337646,"filetype":"Data","lang":"ENGLISH US","sha256":"6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a","type":"RT_ACCELERATOR"},{"chi2":2023.999755859375,"entropy":2.184317111968994,"filetype":"Data","lang":"ENGLISH US","sha256":"ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785","type":"RT_ACCELERATOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"e6854ff594bf0bbca42b4ae0894dc26e19429b08f5e577e1cfac899c1722ad39","type":"RT_GROUP_CURSOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"a6a82549bab9012b198a727d469aaa464b98e7fc247ab8a85bf16cacdfab4802","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"60a0a8bc0169228c8af42c377d93a218ccc9712a17b76ef014f81e156a36c66f","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b077d477d0775d0b86be9bedee8ec134bdc213d6941e9ae60adcf8bdd18623cc","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"90b143ec83ef48639ea48969a1d0850aa14b573b48dadef87e4230e42bdb5971","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba","type":"RT_GROUP_CURSOR"},{"chi2":8583.6376953125,"entropy":3.0013043880462646,"filetype":"Data","lang":"ENGLISH US","sha256":"8852374fd48240e910182f0fcb091ed5d81ad36a024abdaaf483b8d09c599a9e","type":"RT_GROUP_ICON"},{"chi2":2254.94091796875,"entropy":2.5580508708953857,"filetype":"Data","lang":"ENGLISH US","sha256":"55d2b7489ae3e0ec0a6fb0755d92983c2ee6d333d66a937881c107a694c088c2","type":"RT_GROUP_ICON"},{"chi2":66921.40625,"entropy":3.420238733291626,"filetype":"Data","lang":"ENGLISH US","sha256":"493e13ed9d1be00fbec94c351e364ff221cee62df92323f19a914edf3813c172","type":"RT_VERSION"},{"chi2":1416.5716552734375,"entropy":2.8598792552948,"filetype":"Data","lang":"ENGLISH US","sha256":"4a9ddd567a13d9d147d000cc776815a583857849927d8fd91b8a4d73c9a5433d","type":"Struct(241)"},{"chi2":1003.6127319335938,"entropy":7.988063812255859,"filetype":"Data","lang":"ENGLISH US","sha256":"96be696b5d4f4497eb61228542fb581cc0b39f25ffdf45b31108a67c06743da7","type":"Struct(1687)"}],"resource_langs":{"ENGLISH US":87},"resource_types":{"RT_ACCELERATOR":2,"RT_BITMAP":3,"RT_CURSOR":18,"RT_DIALOG":5,"RT_GROUP_CURSOR":16,"RT_GROUP_ICON":2,"RT_ICON":11,"RT_MENU":1,"RT_STRING":26,"RT_VERSION":1,"Struct(1687)":1,"Struct(241)":1},"rich_pe_header_hash":"77c45911f57e2974050c9f737e3771e9","sections":[{"chi2":1366774.75,"entropy":6.55,"flags":"rx","md5":"515a0b066b025e46b41b827eae903cbe","name":".text","raw_size":237568,"virtual_address":4096,"virtual_size":235059},{"chi2":3440810.75,"entropy":4.86,"flags":"r","md5":"814659d1dacc9eea43dbd7e8b2a892bd","name":".rdata","raw_size":69632,"virtual_address":241664,"virtual_size":68819},{"chi2":974842.25,"entropy":3.8,"flags":"rw","md5":"5fe8041aa74d3a9055516a4dbca0dd59","name":".data","raw_size":12288,"virtual_address":311296,"virtual_size":25044},{"chi2":1215250.88,"entropy":6.96,"flags":"r","md5":"b1fdb32dea84a0258e2f877f1ace347c","name":".rsrc","raw_size":110592,"virtual_address":339968,"virtual_size":107536}],"timestamp":1601030449},"reputation":0,"sha1":"5dce34edac03c3fe6236e36a7afce5061ee7d9f1","sha256":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","signature_info":{"copyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","description":"TODO: \u003cFile description\u003e","file version":"1.0.0.1","internal name":"WebPageSnapShot.exe","original name":"WebPageSnapShot.exe","product":"TODO: \u003cProduct name\u003e"},"size":434176,"ssdeep":"6144:4abhDkzV+z3ItUUiCFYcK/7X0XfGkDmrDI3A4KFzq+EP78YaAy2+1Oo:4YhozVKIixT7XFPc31ixEP7Z","tags":["peexe"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"InstallShield setup","probability":40},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":29},{"file_type":"Win16 NE executable (generic)","probability":13},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.1},{"file_type":"Win32 Executable (generic)","probability":4.1}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"045046655d1560e040500340098zf125z40400a5ez1"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596582889184556-4642050303721472-08981bcd3fc13d3cafd04a7fc5b61041","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["function_capabilities","2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","checksystemlangauge"],"rule_name":"CheckSystemLangauge","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","links":{"self":"https://www.virustotal.com/api/v3/files/2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759181,"notification_id":"1596605914341828-4642050303721472-f83dd7896428e470a486020feb820863","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","createfile"],"rule_name":"CreateFile","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759181,"notification_id":"1596605914341828-4642050303721472-24cddc642cf7fb7fc7defd0197671a4a","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","iswindowminimized"],"rule_name":"IsWindowMinimized","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759181,"notification_id":"1596605914341828-4642050303721472-fdc7cb12d2f4c1ba3d758a14b383df1e","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","procmessages"],"rule_name":"ProcMessages","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759180,"notification_id":"1596605914341828-4642050303721472-9793e97d7800c4d457a5ddacf2871fba","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","readfile"],"rule_name":"ReadFile","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759180,"notification_id":"1596605914341828-4642050303721472-4b5125226fa48b6fe511a3ec1fc83eb8","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","getusername"],"rule_name":"GetUserName","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759180,"notification_id":"1596605914341828-4642050303721472-bf83168d6f753273c7f62e85e8868ca2","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","downloadfile"],"rule_name":"DownloadFile","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-b0cd6dd37718286ccbb832980b7eca33","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","recordscreenshot"],"rule_name":"RecordScreenshot","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-1b970a4dcbfa8653614f0cc3742e6217","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","launchcmd"],"rule_name":"LaunchCMD","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-5284f262ccb6afbb4d7fce796bbffb6b","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","adjusttokenprivileges"],"rule_name":"AdjustTokenPrivileges","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-8b7b56dc9461f8b6f4acb96694b9c240","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","queryregistrykey"],"rule_name":"QueryRegistryKey","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"b39ad15531d351953b4315eb14a761d8d20b3cd30c0519c38e0edd59e8227fd5","capabilities_tags":["win_files_operation"],"creation_date":1590723944,"downloadable":true,"exiftool":{"CodeSize":"153088","EntryPoint":"0x7f84","FileType":"Win64 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"Executable, Large address aware","ImageVersion":"0.0","InitializedDataSize":"106496","LinkerVersion":"14.23","MIMEType":"application/octet-stream","MachineType":"AMD AMD64","OSVersion":"6.0","PEType":"PE32+","Subsystem":"Windows GUI","SubsystemVersion":"6.0","TimeStamp":"2020:05:29 03:45:44+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755484,"last_analysis_date":1601755484,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win64:TrojanX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Wacatac.R343592"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.SelfDel"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Mikey.D1BC2F"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win64:TrojanX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"HEUR/AGEN.1137403"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.Selfdel"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Beebone-9762279-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_60% (D)"},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"undetected","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W64/Agent.BWX.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.MulDrop13.22682"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win64/Agent.ABU"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Gen:Variant.Mikey.113711 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Heuristic.HEUR/AGEN.1137403"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W64/SelfDel.VHO!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.SelfDel"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Troj/Agent-BFFG"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Selfdel.qfb"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Win32.SelfDel.vho"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.Injector"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.121218.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"GenericRXAA-AA!4836A0B0E66F"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win64.Dropper.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Wacatac.DD!ml"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Win64/Agent!1.CA03 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-BFFG"},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.SelfDel"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Trojan.Agent!XarDjAMoTHQ"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.SelfDel.Win32.64272"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Win32.SelfDel.vho"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_66%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":43,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":27},"last_modification_date":1601755586,"last_submission_date":1601755484,"magic":"PE32+ executable for MS Windows (GUI) Mono/.Net assembly","md5":"4836a0b0e66fc58075c2373482818c9c","meaningful_name":"%TEMP%\\ESZESHKMSL.exe","names":["%TEMP%\\ESZESHKMSL.exe","ESZESHKMSL.exe"],"pe_info":{"compiler_product_versions":["id: 259, version: 26715 count=10","id: 260, version: 26715 count=18","id: 261, version: 26715 count=158","id: 261, version: 27905 count=78","id: 260, version: 27905 count=16","id: 259, version: 27905 count=9","id: 257, version: 26715 count=5","[---] Unmarked objects count=104","id: 265, version: 28106 count=4","id: 255, version: 28106 count=1","id: 258, version: 28106 count=1"],"debug":[{"codeview":{"age":1,"guid":"97c838fd-3ef8-4654-80ee-89aeddac915d","name":"C:\\Users\\swe_r\\source\\repos\\LoaderRepacker\\x64\\Release\\LoaderRepacker.pdb","signature":"RSDS"},"offset":224468,"size":98,"timestamp":"Fri May 29 03:45:44 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"},{"offset":224568,"size":20,"timestamp":"Fri May 29 03:45:44 2020","type":12,"type_str":"IMAGE_DEBUG_TYPE_VC_FEATURE"},{"offset":224588,"size":852,"timestamp":"Fri May 29 03:45:44 2020","type":13,"type_str":"IMAGE_DEBUG_TYPE_POGO"},{"offset":0,"size":0,"timestamp":"Fri May 29 03:45:44 2020","type":14,"type_str":"IMAGE_DEBUG_TYPE_ILTCG"}],"entry_point":32644,"imphash":"4115ec57355092a1f4d0330b5ace668a","import_list":[{"imported_functions":["ShellExecuteA"],"library_name":"SHELL32.dll"},{"imported_functions":["GetStdHandle","EncodePointer","DeleteCriticalSection","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","FreeEnvironmentStringsW","InitializeSListHead","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","FindClose","TlsGetValue","SetLastError","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","RtlAddFunctionTable","RtlVirtualUnwind","EnumSystemLocalesW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","SetUnhandledExceptionFilter","IsProcessorFeaturePresent","DecodePointer","TerminateProcess","GetModuleHandleExW","GetCurrentThreadId","GetProcAddress","WriteConsoleW","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","GetOEMCP","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlPcToFileHeader","GetStartupInfoW","GetUserDefaultLCID","GetProcessHeap","GetFileSizeEx","FindNextFileW","RtlLookupFunctionEntry","IsValidLocale","FindFirstFileExW","RtlUnwindEx","CreateFileW","GetFileType","TlsSetValue","CreateFileA","ExitProcess","LeaveCriticalSection","GetLastError","LCMapStringW","GetConsoleCP","GetEnvironmentStringsW","GetModuleFileNameA","SwitchToThread","GetCurrentProcessId","GetCommandLineW","GetCurrentDirectoryA","HeapSize","GetCommandLineA","RaiseException","TlsFree","SetFilePointer","ReadFile","RtlCaptureContext","CloseHandle","GetACP","GetModuleHandleW","CreateProcessA","WideCharToMultiByte","IsValidCodePage","Sleep","VirtualAlloc"],"library_name":"KERNEL32.dll"}],"machine_type":34404,"overlay":{"chi2":289.88323974609375,"entropy":7.9999589920043945,"filetype":"Data","md5":"ad3d13c59d3617f6e756408c796499cc","offset":254464,"size":5179504},"resource_details":[{"chi2":4142.857421875,"entropy":4.896233081817627,"filetype":"application/xml","lang":"ENGLISH US","sha256":"165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH US":1},"resource_types":{"RT_MANIFEST":1},"rich_pe_header_hash":"7b7aa09ecb9e0edfd271676b79a70ced","sections":[{"chi2":924102.63,"entropy":6.49,"flags":"rx","md5":"4007d3a9038c58c43b795aaf8a7faba9","name":".text","raw_size":153088,"virtual_address":4096,"virtual_size":153088},{"chi2":3957483.25,"entropy":5.12,"flags":"r","md5":"eafdbd8159515ef51764f0bfeb4a38be","name":".rdata","raw_size":82944,"virtual_address":159744,"virtual_size":82722},{"chi2":470192.03,"entropy":2.98,"flags":"rw","md5":"d67723ebdb2b42c695b6f6e471da2881","name":".data","raw_size":4608,"virtual_address":245760,"virtual_size":10564},{"chi2":261990.25,"entropy":5.32,"flags":"r","md5":"ff9eeab1c83556a1b9887b78357bd231","name":".pdata","raw_size":8192,"virtual_address":258048,"virtual_size":8064},{"chi2":74755,"entropy":1.68,"flags":"r","md5":"1e3908e0705e63d6fdac8e750109cd08","name":"_RDATA","raw_size":512,"virtual_address":266240,"virtual_size":256},{"chi2":8329,"entropy":4.75,"flags":"r","md5":"43c22ac8647ebbb96b2605592cfe3000","name":".rsrc","raw_size":512,"virtual_address":270336,"virtual_size":488},{"chi2":30377.29,"entropy":5.26,"flags":"r","md5":"4f846741e45917bae02b9b2a9f51f4ff","name":".reloc","raw_size":3584,"virtual_address":274432,"virtual_size":3268}],"timestamp":1590723944},"reputation":0,"sha1":"553b54e091478b0edf1c3453e4a33340ae81e97f","sha256":"d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da","size":5433968,"ssdeep":"98304:u4e6nTpTRA9vMDBJXmorHffMoNURusmMi1UUGldmnXNXLqCjB31r+GggPx:uyTpT+vsXmorU82uzMOUUUmnXNXLFl1N","tags":["64bits","peexe","assembly","invalid-rich-pe-linker-version","overlay"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 Dynamic Link Library (generic)","probability":34.3},{"file_type":"Win32 Executable (generic)","probability":23.5},{"file_type":"OS/2 Executable (generic)","probability":10.6},{"file_type":"Win64 Executable (generic)","probability":10.5},{"file_type":"Generic Win/DOS Executable","probability":10.4}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"056076655d155515555az56hz1lz"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759114,"notification_id":"1596602785935355-5517514209001472-39d0ef71bb9141475f7d1657528957b0","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da","pe_file","ransomware"],"rule_name":"pe_file","rule_tags":[],"ruleset_id":"5517514209001472","ruleset_name":"ransomware"},"id":"d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da","links":{"self":"https://www.virustotal.com/api/v3/files/d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da"},"type":"file"} +{"attributes":{"authentihash":"62ae16bd2c17180d09e7b3bcb8939bc7c8f02f900a520ee71f9855b94ce2f353","downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"0","CompanyName":"Microsoft Corporation","EntryPoint":"0x0000","FileDescription":"Tâche d’analyse de l’intégrité des données","FileFlagsMask":"0x003f","FileOS":"Windows NT 32-bit","FileSubtype":"0","FileType":"Win32 DLL","FileTypeExtension":"dll","FileVersion":"10.0.19041.321 (WinBuild.160101.0800)","FileVersionNumber":"10.0.19041.321","ImageFileCharacteristics":"Executable, 32-bit, DLL","ImageVersion":"10.0","InitializedDataSize":"11776","InternalName":"discan","LanguageCode":"French","LegalCopyright":"© Microsoft Corporation. Tous droits réservés.","LinkerVersion":"14.2","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"10.0","ObjectFileType":"Dynamic link library","OriginalFileName":"discan.dll.mui","PEType":"PE32","ProductName":"Système d’exploitation Microsoft® Windows®","ProductVersion":"10.0.19041.321","ProductVersionNumber":"10.0.19041.321","Subsystem":"Windows GUI","SubsystemVersion":"6.0","TimeStamp":"0000:00:00 00:00:00","UninitializedDataSize":"0"},"first_submission_date":1600545486,"last_analysis_date":1601755339,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"undetected","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"undetected","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":null},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"timeout","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"confirmed-timeout","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":1,"failure":0,"harmless":0,"malicious":0,"suspicious":0,"timeout":1,"type-unsupported":5,"undetected":67},"last_modification_date":1601755508,"last_submission_date":1600545486,"magic":"PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit","md5":"f0200e3cf3bc0163391af0ffba0537d3","meaningful_name":"discan.dll.mui","names":["discan","discan.dll.mui"],"packers":{"PEiD":"Microsoft Visual C++ vx.x DLL"},"pe_info":{"compiler_product_versions":["id: 255, version: 27412 count=1","id: 258, version: 27412 count=1"],"debug":[{"offset":568,"size":84,"timestamp":"Thu Jan 8 14:31:41 1998","type":13,"type_str":"IMAGE_DEBUG_TYPE_POGO"},{"offset":652,"size":36,"timestamp":"Thu Jan 8 14:31:41 1998","type":16,"type_str":"16"}],"machine_type":332,"overlay":{"chi2":13327.26171875,"entropy":7.388175964355469,"filetype":"Data","md5":"cd3007cc8a0a0ac21c67e46c19d3ae1b","offset":12288,"size":9088},"resource_details":[{"chi2":22711.271484375,"entropy":2.573807716369629,"filetype":"Data","lang":"FRENCH","sha256":"f00ab7c6065b93de7ae9e76e4eac863459fc3d20d3f91bd7eaff9bffa03bbd58","type":"MUI"},{"chi2":36805.50390625,"entropy":3.063631772994995,"filetype":"Data","lang":"FRENCH","sha256":"de8bf17d18142ef20e862146ff2f0aac103045b0f0821dc218781cd09e7b2472","type":"RT_STRING"},{"chi2":608574.25,"entropy":3.4768004417419434,"filetype":"Data","lang":"FRENCH","sha256":"345b7625afc0f89c7096df2ab81121c7b576a329ab59b9dd6c6661d2e83efd15","type":"RT_MESSAGETABLE"},{"chi2":73027.3671875,"entropy":3.522307872772217,"filetype":"Data","lang":"FRENCH","sha256":"2af25162afabb6491185f46b6956f89b1a2a5843c3a07cf1e128f8dde4dbe051","type":"RT_VERSION"}],"resource_langs":{"FRENCH":4},"resource_types":{"MUI":1,"RT_MESSAGETABLE":1,"RT_STRING":1,"RT_VERSION":1},"rich_pe_header_hash":"0f6476a2dd80586d598ffd5bd4be8eb7","sections":[{"chi2":84496,"entropy":1.78,"flags":"r","md5":"cf9e607e2e31fbf67f01ce588d582a00","name":".rdata","raw_size":512,"virtual_address":4096,"virtual_size":176},{"chi2":759194,"entropy":3.64,"flags":"r","md5":"ee946a8d1393e09f3692e60123f04756","name":".rsrc","raw_size":11264,"virtual_address":8192,"virtual_size":12288}]},"reputation":0,"sha1":"22896d7735bd05831c0e26944edd2312f4d6d2d3","sha256":"c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c","signature_info":{"copyright":"© Microsoft Corporation. Tous droits réservés.","counter signers":"Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010","counter signers details":[{"algorithm":"sha256RSA","cert issuer":"Microsoft Time-Stamp PCA 2010","name":"Microsoft Time-Stamp Service","serial number":"33 00 00 01 0F 80 72 F6 3A 87 08 88 AD 00 00 00 00 01 0F","status":"Valid","thumbprint":"2441BB429F53941D1679DBB4A092417AA164B769","valid from":"11:19 PM 10/23/2019","valid to":"11:19 PM 01/21/2021","valid usage":"Timestamp Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2010","name":"Microsoft Time-Stamp PCA 2010","serial number":"61 09 81 2A 00 00 00 00 00 02","status":"Valid","thumbprint":"2AA752FE64C49ABE82913C463529CF10FF2F04EE","valid from":"09:36 PM 07/01/2010","valid to":"09:46 PM 07/01/2025","valid usage":"All"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2010","name":"Microsoft Root Certificate Authority 2010","serial number":"28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA","status":"Valid","thumbprint":"3B1EFD3A66EA28B16697394703A72CA340A05BD5","valid from":"09:57 PM 06/23/2010","valid to":"10:04 PM 06/23/2035","valid usage":"All"}],"description":"Tâche d’analyse de l’intégrité des données","file version":"10.0.19041.321 (WinBuild.160101.0800)","internal name":"discan","original name":"discan.dll.mui","product":"Système d’exploitation Microsoft® Windows®","signers":"Microsoft Corporation; Microsoft Code Signing PCA 2011; Microsoft Root Certificate Authority 2011","signers details":[{"algorithm":"sha256RSA","cert issuer":"Microsoft Code Signing PCA 2011","name":"Microsoft Corporation","serial number":"33 00 00 01 88 AF 52 D6 B9 92 6D E8 F9 00 00 00 00 01 88","status":"Valid","thumbprint":"A5BCE29A2944105E0E25B626120264BB03499052","valid from":"06:39 PM 03/04/2020","valid to":"06:39 PM 03/03/2021","valid usage":"Microsoft Publisher, Code Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2011","name":"Microsoft Code Signing PCA 2011","serial number":"61 0E 90 D2 00 00 00 00 00 03","status":"Valid","thumbprint":"F252E794FE438E35ACE6E53762C0A234A2C52135","valid from":"08:59 PM 07/08/2011","valid to":"09:09 PM 07/08/2026","valid usage":"All"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2011","name":"Microsoft Root Certificate Authority 2011","serial number":"3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44","status":"Valid","thumbprint":"8F43288AD272F3103B6FB1428485EA3014C0BCFE","valid from":"10:05 PM 03/22/2011","valid to":"10:13 PM 03/22/2036","valid usage":"All"}],"signing date":"07:30 PM 05/14/2020","verified":"Signed","x509":[{"algorithm":"sha256RSA","cert issuer":"Microsoft Code Signing PCA 2011","name":"Microsoft Corporation","serial number":"33 00 00 01 88 AF 52 D6 B9 92 6D E8 F9 00 00 00 00 01 88","thumbprint":"A5BCE29A2944105E0E25B626120264BB03499052","valid from":"2020-03-04 18:39:48","valid to":"2021-03-03 18:39:48","valid_usage":"0.4.1.311.76.8, Code Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2011","name":"Microsoft Code Signing PCA 2011","serial number":"61 0E 90 D2 00 00 00 00 00 03","thumbprint":"F252E794FE438E35ACE6E53762C0A234A2C52135","valid from":"2011-07-08 20:59:09","valid to":"2026-07-08 21:09:09","valid_usage":null},{"algorithm":"sha256RSA","cert issuer":"Microsoft Time-Stamp PCA 2010","name":"Microsoft Time-Stamp Service","serial number":"33 00 00 01 0F 80 72 F6 3A 87 08 88 AD 00 00 00 00 01 0F","thumbprint":"2441BB429F53941D1679DBB4A092417AA164B769","valid from":"2019-10-23 23:19:18","valid to":"2021-01-21 23:19:18","valid_usage":"Timestamp Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2010","name":"Microsoft Time-Stamp PCA 2010","serial number":"61 09 81 2A 00 00 00 00 00 02","thumbprint":"2AA752FE64C49ABE82913C463529CF10FF2F04EE","valid from":"2010-07-01 21:36:55","valid to":"2025-07-01 21:46:55","valid_usage":null}]},"size":21376,"ssdeep":"384:PECg1C7YyoUACEeW2h1WixHRN7WjrlF7:PjnvR6y4f","tags":["pedll","invalid-rich-pe-linker-version","signed","overlay"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 Executable (generic)","probability":35.8},{"file_type":"OS/2 Executable (generic)","probability":16.1},{"file_type":"Win64 Executable (generic)","probability":16},{"file_type":"Generic Win/DOS Executable","probability":15.9},{"file_type":"DOS Executable Generic","probability":15.9}],"type_description":"Win32 DLL","type_tag":"pedll","unique_sources":1,"vhash":"124025151\"z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759112,"notification_id":"1596597676292699-5517514209001472-39d0ef71bb9141475f7d1657528957b0","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["pe_file","c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c","ransomware"],"rule_name":"pe_file","rule_tags":[],"ruleset_id":"5517514209001472","ruleset_name":"ransomware"},"id":"c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c","links":{"self":"https://www.virustotal.com/api/v3/files/c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755661,"notification_id":"1596471088617144-4642050303721472-8cd4cf47faf9764d52bd3d12d088a79f","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","guardpages"],"rule_name":"GuardPages","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755660,"notification_id":"1596471088617144-4642050303721472-b2c63cccf59df132c856e74ebe856ba6","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","terminateprocess"],"rule_name":"TerminateProcess","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755660,"notification_id":"1596471088617144-4642050303721472-85a1010f23b7285f29d37fddf7a9d470","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","dynamicapi"],"rule_name":"DynamicAPI","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755660,"notification_id":"1596471088617144-4642050303721472-ea44665a14b3de8c7f2d8b77cb320c07","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","execptionhandler","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"],"rule_name":"ExecptionHandler","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"4dac6a1423ff18d951e8d221673b3b8cda241051babb3879b44d337e6c2907a9","capabilities_tags":["network_udp_sock","spreading_file","network_tcp_socket","screenshot","network_tcp_listen","win_private_profile","win_token","win_mutex","keylogger","str_win32_winsock2_library","str_win32_internet_api","win_registry","network_dns","network_dropper","network_http","network_ssl","win_files_operation","str_win32_wininet_library","str_win32_http_api","network_smtp_raw","rat_rdp"],"creation_date":1507318527,"crowdsourced_yara_results":[{"description":"Detects EquationGroup Tool - April Leak","match_in_subfile":true,"rule_name":"EquationGroup_Toolset_Apr17_Eternalromance","ruleset_id":"00029bbd96","ruleset_name":"apt_eqgrp_apr17","source":"https://github.com/Neo23x0/signature-base"},{"description":"Malware Sample - maybe Regin related","match_in_subfile":true,"rule_name":"Regin_Related_Malware","ruleset_id":"000cf3a489","ruleset_name":"spy_regin_fiveeyes","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"3686400","Comments":"Ftp系统核心服务","CompanyName":"Windows系统Ftp核心服务","EntryPoint":"0x8abaa0","FileDescription":"Ftp系统核心服务","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"2.1.2.1","FileVersionNumber":"2.1.2.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"24576","LanguageCode":"Chinese (Simplified)","LegalCopyright":"Windows系统Ftp核心服务 版权所有","LinkerVersion":"6.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","PEType":"PE32","ProductName":"Ftp系统核心服务","ProductVersion":"2.1.2.1","ProductVersionNumber":"2.1.2.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2017:10:06 19:35:27+00:00","UninitializedDataSize":"5402624"},"first_submission_date":1507524718,"last_analysis_date":1601702480,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"FileRepMalware"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Multi.Generic.lmpu"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201002","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C2191491"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Win32.FlyStudio.a"},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:HacktoolX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"Gen:NN.ZexaF.34282.IpKfauCVYRjb"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201002","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201001","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201002","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Downloader.13403-1"},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201002","engine_version":"32862","method":"blacklist","result":"Malware@#18ajnfdpqoc42"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.c02a18"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.CLL.gen!Eldorado"},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22090","method":"blacklist","result":"a variant of Win32/FlyStudio.OPP"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.40b445bdac37451f"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Agent.65CA!tr"},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27208B:27.20382","method":"blacklist","result":null},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201002","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Exploit"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Generic PUA BM (PUA)"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.EquationDrug.jd"},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201002","engine_version":"11.142.35348","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35350","method":"blacklist","result":null},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"Exploit.Win32.ShadowBrokers.af"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=100)"},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201002","engine_version":"6.0.6.653","method":"blacklist","result":"Artemis!40B445BDAC37"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.wc"},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Eqtonex.C!dha"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Exploit.Win32.ShadowBrokers.etjpyk"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201002","engine_version":"4.6.4.2","method":"blacklist","result":"Generic Malware"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Win32/Trojan.Exploit.46b"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201002","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Eqtonex!8.E3CD (TFE:5:5YgiJ2vLGwD)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Generic PUA BM (PUA)"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":"Hacktool"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.01","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.TrojanDropper.Woozlist"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87142","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Malware.Gen"},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"Exploit.Win32.ShadowBrokers.af"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Trojan.Generic"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":41,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":29},"last_modification_date":1601703541,"last_submission_date":1507524718,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"40b445bdac37451f6a9b91cadc52e843","names":["1c0b829c02a18ecdf0c53e74ae8c54560e0349e1"],"packers":{"Cyren":"UPX","F-PROT":"UPX","PEiD":"UPX 2.90 [LZMA] -\u003e Markus Oberhumer, Laszlo Molnar \u0026 John Reiser"},"pe_info":{"compiler_product_versions":["id: 12, version: 7291 count=5","id: 11, version: 8047 count=9","id: 10, version: 8047 count=6","id: 14, version: 7299 count=44","[ C ] VS98 (6.0) SP6 build 8804 count=203","id: 19, version: 8022 count=44","id: 19, version: 8034 count=28","[---] Unmarked objects count=689","id: 93, version: 2179 count=3","[C++] VS98 (6.0) SP6 build 8804 count=95","[C++] VS98 (6.0) build 8168 count=104","[ C ] VS98 (6.0) build 8168 count=27","[---] Unmarked objects (old) count=84","[RES] VS98 (6.0) SP6 cvtres build 1736 count=1"],"entry_point":9091744,"imphash":"65d73bed202d138a2f2e5fadd25ef7d3","import_list":[{"imported_functions":["ChooseColorA"],"library_name":"comdlg32.dll"},{"imported_functions":["SafeArrayGetUBound"],"library_name":"OLEAUT32.dll"},{"imported_functions":["waveOutOpen"],"library_name":"WINMM.dll"},{"imported_functions":["InternetOpenA"],"library_name":"WININET.dll"},{"imported_functions":["SaveDC"],"library_name":"GDI32.dll"},{"imported_functions":["ShellExecuteA"],"library_name":"SHELL32.dll"},{"imported_functions":["VirtualFree","ExitProcess","VirtualProtect","LoadLibraryA","VirtualAlloc","GetProcAddress"],"library_name":"KERNEL32.DLL"},{"imported_functions":["RasHangUpA"],"library_name":"RASAPI32.dll"},{"imported_functions":["OpenPrinterA"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["OleRun"],"library_name":"ole32.dll"},{"imported_functions":["SHDeleteKeyA"],"library_name":"SHLWAPI.dll"},{"imported_functions":["send"],"library_name":"WS2_32.dll"},{"imported_functions":["GetDC"],"library_name":"USER32.dll"},{"imported_functions":["Ord(17)"],"library_name":"COMCTL32.dll"}],"machine_type":332,"resource_details":[{"chi2":245.00003051757812,"entropy":3.4594321250915527,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c71d2d00cce292297c6856c00e13614b895e573aeb127193d9872379d1714d10","type":"TEXTINCLUDE"},{"chi2":234.00006103515625,"entropy":4.459430694580078,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"6d4dfcf6c3b999c08e64c61efb341a1a1bf0b6eec81dbba6605107d2be009ea6","type":"TEXTINCLUDE"},{"chi2":351.996826171875,"entropy":7.186094760894775,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"f2260b650d99d296059d4c461a9ba427ef521ee22492ce87f248aa6ab1227f94","type":"TEXTINCLUDE"},{"chi2":333.6622314453125,"entropy":7.1476359367370605,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"bd46934a2ee5fdf3262175c88250660068d966361bad348ddfe1e22ce2e866be","type":"RT_CURSOR"},{"chi2":408.4678649902344,"entropy":7.061681270599365,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"1a201b0de3341ce3020a27adf6488786114b348dcc5cd8d144c79de875d00ccc","type":"RT_CURSOR"},{"chi2":468.31207275390625,"entropy":6.962516784667969,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"518df682583faef7e1788b588dfd2f1f193df111bea0b5ca27d17b17e7f3ddae","type":"RT_CURSOR"},{"chi2":400.2666015625,"entropy":6.544606685638428,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"cb2faf2855fffcba10196fabafd8bdc057ea38d6f3ca274ddac424cb6d119b1c","type":"RT_CURSOR"},{"chi2":739.8348999023438,"entropy":7.181002140045166,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"7a683674c27eff1c2e7f188b211624076470a7d9916fcb52e883e993c82f0ee9","type":"RT_BITMAP"},{"chi2":418.71649169921875,"entropy":7.085074424743652,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"f38c7dbe38c09f1215c706ad863d329968839fcd37d55ba925bd4a033c055e56","type":"RT_BITMAP"},{"chi2":547.5341796875,"entropy":6.9661865234375,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c79f72e9611145384a761e3b3fcb5e67790c74bd3423584f27d7390f9758aca0","type":"RT_BITMAP"},{"chi2":528.185302734375,"entropy":7.053053855895996,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d2d5c200d0777c0630804e1e4bb75c815101732ddeaf8b74414c7fb10f7c293a","type":"RT_BITMAP"},{"chi2":546.0458374023438,"entropy":7.057104587554932,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d71f271e5791ca65f64590014a923c3f8fe2cbb9d2a09f2b29c5993bdd20f267","type":"RT_BITMAP"},{"chi2":706.790771484375,"entropy":7.262923717498779,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"25813455f23fa9f6e67455c6200e60f2a77cbb1ab4942d10e2c8b23bd3cce524","type":"RT_BITMAP"},{"chi2":1136.930419921875,"entropy":7.108856201171875,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"b55d03c8cb7a130a2214b0b657dca1a75d697404460c4252b14d1f6ae0f7e2f5","type":"RT_BITMAP"},{"chi2":1074.41845703125,"entropy":6.765951633453369,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c4e25d95823aaf9c28c2bfd7a9e3e61983a636fdb339382c1448e58e7897b9dd","type":"RT_BITMAP"},{"chi2":1416.744140625,"entropy":6.576704978942871,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"5732e5e2f8cd0e9e9039fedcf430c3d1f29d01c6adabcabbe4d7f374ccc30030","type":"RT_BITMAP"},{"chi2":895.81396484375,"entropy":6.878451824188232,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"8c136a954979b7e25a375469dd885b9c709ef5b4db00e2803391c0a362c0ac7f","type":"RT_BITMAP"},{"chi2":1499.8306884765625,"entropy":7.68862247467041,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"5ece3595afbbe59aa52fb1d1512ac2ae79252aa44687b202e7ef0838a7feafd5","type":"RT_BITMAP"},{"chi2":339.1307678222656,"entropy":6.82283353805542,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"aec30446833cd2bb7f5e36c3de17f4a7ab5d30a6106985b6b711e279a93eec3d","type":"RT_BITMAP"},{"chi2":475.73724365234375,"entropy":7.076139450073242,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"b1e7c5fc974e57e291340ebd4e860888b3a7951054d4782d9c5e88e2a59e77dd","type":"RT_BITMAP"},{"chi2":1036.5924072265625,"entropy":7.412300109863281,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d3556b53cf333641256866ab0e8a88a3f4a02f0e4616cf2051a14056a24fb675","type":"RT_BITMAP"},{"chi2":430.02117919921875,"entropy":7.5765204429626465,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d6555c986a3a991b82fdb43c4f6a89fa6bbc4401ccbae8f956b6b8af6c64ec09","type":"RT_ICON"},{"chi2":338.8110656738281,"entropy":7.097600936889648,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"56b125efb3b5ffef2ff5316f6ca4f71896040550a0ac85bfe0a4b10e27074f09","type":"RT_ICON"},{"chi2":399208.53125,"entropy":5.561239719390869,"filetype":"Data","lang":"NEUTRAL","sha256":"1332a051df5da313ff15ddfa9a2896e1d117e1a69525bd52fbc498d07eca71c5","type":"RT_ICON"},{"chi2":286.66668701171875,"entropy":3.4182956218719482,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"ce458419570905afd00b5b04b349297e67af01bcf99291512ed24eed5f8dc490","type":"RT_MENU"},{"chi2":767.180419921875,"entropy":7.172008037567139,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"74bfa88f4e130c1a64cbdf166b309d82da6b25780fb31ec864b3dbe67dad59fb","type":"RT_MENU"},{"chi2":356.6313781738281,"entropy":6.4400715827941895,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c7a363b7cdf8dabfdd68612434326c739528dad876b15ef935f6a4fbf8ec50c2","type":"RT_DIALOG"},{"chi2":529.512939453125,"entropy":7.0183234214782715,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"4062b870043e2bfd23f0da5f1b9877efe6dc6b99e73ae8b716a180607b4cbeb4","type":"RT_DIALOG"},{"chi2":503.6634216308594,"entropy":6.743902683258057,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"e05994cb1144ccd37266eb2964a99a00fc77645323ab92cb2a336dbc50b6a6b8","type":"RT_DIALOG"},{"chi2":479.2997131347656,"entropy":6.662327766418457,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"2f86795effa7b482074b782dfb32bf8fafc372d437f8051b24cb25002bcfb344","type":"RT_DIALOG"},{"chi2":1701.1810302734375,"entropy":7.471444606781006,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"17a31e4e18afad4f135a30d5a555dabad202de6c547871731603e66d3112c24a","type":"RT_DIALOG"},{"chi2":469.19091796875,"entropy":6.4334635734558105,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"a0b750ce4ad0a12c7e42d7307353b4743a0f1c434a35f92b3279528d61348a7e","type":"RT_DIALOG"},{"chi2":674.4307861328125,"entropy":6.426914215087891,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"9d3b8c5dd9fdc2be650c0b58900117ef0b0edd3619d08a1b1d0c21fb9926728d","type":"RT_DIALOG"},{"chi2":469.1908874511719,"entropy":6.45845365524292,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"519207d44f900896b7c9e4e7056b84bb86f2cb7d2148e361252c336df98b5250","type":"RT_DIALOG"},{"chi2":560.12451171875,"entropy":6.625264644622803,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"b0b8cca468589f2a602028f39fb1319058c87dd76530d59281108868c4b2edd2","type":"RT_DIALOG"},{"chi2":369.4137268066406,"entropy":7.27430534362793,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"3eed5bb5a16544b15abe02befe9d1f47dfbb5fdddf258519ffe58e9b86ecc23d","type":"RT_DIALOG"},{"chi2":297.6000671386719,"entropy":5.893622398376465,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"4d37c4f31e611635b0c1745bab8ef5b782e1c91e2a03a55b732bffa8e21eedff","type":"RT_STRING"},{"chi2":258.5453796386719,"entropy":5.277613162994385,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"94c17b229432988c827d4f61bb3fd13270805b444438b1dd41595adec02b0507","type":"RT_STRING"},{"chi2":507.19989013671875,"entropy":5.941490173339844,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"74d3bd894203af18dffdd6dbdce14b3a2da50a8dfe05d669cfe82e453b9c86a0","type":"RT_STRING"},{"chi2":1252.778564453125,"entropy":6.864519119262695,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"84273c495c2fe3b295b4e7a1ae791638f9c399ea791c1e6ce7b56e466b64d70b","type":"RT_STRING"},{"chi2":990.5908203125,"entropy":6.5525689125061035,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"df993a1c163e34c3ca6fcf5617eb3813a71313d607e428a9c33566b618c5170d","type":"RT_STRING"},{"chi2":933.5833129882812,"entropy":6.763321399688721,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"772aed01a0ed11fc3bf1a0a49e66e12892c72e06b3753942edce76eed8110830","type":"RT_STRING"},{"chi2":376,"entropy":5.4410247802734375,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"1726c5089aa9d51fe5d6c2715b6e8e49c09263164071f96626eabc0722e97d2c","type":"RT_STRING"},{"chi2":278.87994384765625,"entropy":6.201212406158447,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"aa9c257ac5bc99c5ced530864c48ea7f6d8acae2fde68d0d326a692c0fb26f81","type":"RT_STRING"},{"chi2":368.67803955078125,"entropy":7.4059600830078125,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d487fb22ae021091bcb80bcd0086b00250745fcadd6b33c47969e0bc607931ef","type":"RT_STRING"},{"chi2":345.44970703125,"entropy":7.043664932250977,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"9cd6ee322087f7b271d028d5c7ad2c8916c0be6f85e2ac38ee1dc7067cab8966","type":"RT_STRING"},{"chi2":220.00009155273438,"entropy":5.169925212860107,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"682a72e7d2e9c6b5af34a69bcb0a45142830f98f456f741333ec88f7e74fccc9","type":"RT_STRING"},{"chi2":312.79998779296875,"entropy":4.021928310394287,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"59c554a783fff47bb1f57558255457667c19aea260ef6295a72c87644914d132","type":"RT_GROUP_CURSOR"},{"chi2":261.60003662109375,"entropy":4.221928119659424,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"07b9e565801c50a11079f23ed9e102673e6d8daa8b32e2b971c39444813696b2","type":"RT_GROUP_CURSOR"},{"chi2":312.3531188964844,"entropy":4.771141052246094,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"514ace2966dbed3305d958724796e3020c30284eaecf31782390cdd8a9c7c06c","type":"RT_GROUP_CURSOR"},{"chi2":1746.400146484375,"entropy":2.081496477127075,"filetype":"ASCII text","lang":"NEUTRAL","sha256":"28d38d528e682cb6a7330cc38828a3d79c559433b55829c017f7aaa73ba9ed8a","type":"RT_GROUP_ICON"},{"chi2":236.0000457763672,"entropy":4.321928024291992,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"6a2c9ef6ea5acf7929c3627b6529e3e8a0058427b872797a43f464661fa19b3e","type":"RT_GROUP_ICON"},{"chi2":236.0000457763672,"entropy":4.321928024291992,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"5b788d7c84dc82a01e89a278312c93471bed748132d9adbeba3b217f1f86df2f","type":"RT_GROUP_ICON"},{"chi2":42276.51171875,"entropy":3.7713489532470703,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"f6900b350031520e148120024a25b4cd6eaf02d47f73d9b8efc5b2b6911a9576","type":"RT_VERSION"},{"chi2":6778.419921875,"entropy":5.02094030380249,"filetype":"application/xml","lang":"NEUTRAL","sha256":"70b7f6ec24cf159809467626ceade9ba45e1c46660c86257e85db8caa6b1926b","type":"RT_MANIFEST"}],"resource_langs":{"CHINESE SIMPLIFIED":52,"NEUTRAL":3},"resource_types":{"RT_BITMAP":14,"RT_CURSOR":4,"RT_DIALOG":10,"RT_GROUP_CURSOR":3,"RT_GROUP_ICON":3,"RT_ICON":3,"RT_MANIFEST":1,"RT_MENU":2,"RT_STRING":11,"RT_VERSION":1,"TEXTINCLUDE":3},"rich_pe_header_hash":"677b4e2ecbe73ad25716185106f562b2","sections":[{"chi2":-1,"entropy":0,"flags":"rwx","md5":"d41d8cd98f00b204e9800998ecf8427e","name":"UPX0","raw_size":0,"virtual_address":4096,"virtual_size":5402624},{"chi2":430144.88,"entropy":7.94,"flags":"rwx","md5":"ccc4f5ef1c86ef3ffb4d4510fac2bc53","name":"UPX1","raw_size":3685888,"virtual_address":5406720,"virtual_size":3686400},{"chi2":640376.75,"entropy":5.43,"flags":"rw","md5":"e1cb333fd88510364f4fa95a02361857","name":".rsrc","raw_size":22528,"virtual_address":9093120,"virtual_size":24576}],"timestamp":1507318527},"reputation":0,"sha1":"1c0b829c02a18ecdf0c53e74ae8c54560e0349e1","sha256":"41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c","signature_info":{"comments":"Ftp系统核心服务","copyright":"Windows系统Ftp核心服务 版权所有","description":"Ftp系统核心服务","file version":"2.1.2.1","product":"Ftp系统核心服务"},"size":3709440,"ssdeep":"98304:mQj2AJDOBAd9DyOXdSyt28mBivS4y6g4ue/3PJk7:mSJqBAdNXoyt28045g4ZW7","tags":["peexe","invalid-rich-pe-linker-version","upx"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"UPX compressed Win32 Executable","probability":27},{"file_type":"Win32 EXE Yoda's Crypter","probability":26.5},{"file_type":"Win16 NE executable (generic)","probability":14},{"file_type":"Windows screen saver","probability":13.1},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.5}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"03603e0f7d50101011z11z67z1015z1011z11z101017z"},"context_attributes":{"match_in_subfile":true,"notification_date":1601706183,"notification_id":"1595272637191943-6114383222276096-d538dea08c43824a7852d096431d1109","notification_snippet":"56 04 57 8B 5D 10 8B C2 C1 E8 05 8B FA C1 E7 04 V.W.]...........\n33 C7 8B 7D 0C 83 E7 03 8B 3C BB *begin_highlight*03 7D 0C 81 6D*end_highlight* 3..}.....\u003c.*begin_highlight*.}..m*end_highlight*\n*begin_highlight*0C 47 86 C8 61 *end_highlight*03 C2 33 C7 03 C8 8B C1 C1 E8 05 *begin_highlight*.G..a*end_highlight*..3........","notification_source_country":null,"notification_source_key":null,"notification_tags":["41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c","exploit_kits","angler_shellcode_xtea_subdelta"],"rule_name":"Angler_Shellcode_XTEA_subDelta","rule_tags":[],"ruleset_id":"6114383222276096","ruleset_name":"Exploit_Kits"},"id":"41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c","links":{"self":"https://www.virustotal.com/api/v3/files/41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c"},"type":"file"} +{"attributes":{"androguard":{"AndroguardVersion":"3.0-dev","AndroidApplication":7,"AndroidApplicationError":false,"AndroidApplicationInfo":"ELF","VTAndroidInfo":1.41},"capabilities_tags":["ldpreload"],"crowdsourced_yara_results":[{"description":"Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client","rule_name":"APT_APT28_drovorub_library_and_unique_strings","ruleset_id":"00003e5371","ruleset_name":"apt_apt28_drovorub","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"elf_info":{"export_list":[{"name":"dal_PopParcelIDStack","type":"FUNC"},{"name":"_ZN27CancledDownloadNotificationD2Ev","type":"FUNC"},{"name":"_ZN4Poco3URIaSEPKc","type":"FUNC"},{"name":"_ZNSt6vectorIN3DAL9DrawParam13DrawParameter14KindLineStyleTESaIS3_EEC2ERKS5_","type":"FUNC"},{"name":"PKCS5_PBKDF2_HMAC","type":"FUNC"},{"name":"_ZN4Poco4JSON6Parser11_asciiClassE","type":"OBJECT"},{"name":"_ZN4Poco3Net18HTTPSClientSessionC2ERKSst","type":"FUNC"},{"name":"_ZN2MP17CrossroadsMapView4drawERN3GRL8RendererE","type":"FUNC"},{"name":"_ZN4Poco8DelegateINS_11LRUStrategyISsN10InquiryPoi10ResultDataEEENS_9ValidArgsISsEELb1EED2Ev","type":"FUNC"},{"name":"OTHERNAME_free","type":"FUNC"},{"name":"Trip_iCollectRecoveryRegionLink","type":"FUNC"},{"name":"_ZTINSt3tr121_Sp_counted_base_implIPSt3mapIi15ZRegionMngTbl_tSt4lessIiESaISt4pairIKiS2_EEENS_11_Sp_d","type":"OBJECT"},{"name":"EVP_PKEY_paramgen","type":"FUNC"},{"name":"DAL_DirectionGuideData_GetNextGuidePointData","type":"FUNC"},{"name":"_ZN4Poco4Util24InvalidArgumentExceptionC2ERKSsRKNS_9ExceptionEi","type":"FUNC"},{"name":"ssl23_default_timeout","type":"FUNC"},{"name":"_ZN4Poco3XML12ParserEngine9readCharsERSiPci","type":"FUNC"},{"name":"_ZTVN9jniHelper13jvm_exceptionE","type":"OBJECT"},{"name":"_ZN4Poco4JSON13JSONExceptionD1Ev","type":"FUNC"},{"name":"_ZNK4Poco9SharedPtrINS_4JSON5ArrayENS_16ReferenceCounterENS_13ReleasePolicyIS2_EEE5derefEv","type":"FUNC"},{"name":"JNI_NE_GetDriveContentsHospital","type":"FUNC"},{"name":"_ZN4Poco15DefaultStrategyINS_9ValidArgsISsEENS_16AbstractDelegateIS2_EEE5clearEv","type":"FUNC"},{"name":"g_stViaApproachJudgeDist","type":"OBJECT"},{"name":"_ZN4Poco3XML4NameC1ERKSsS3_","type":"FUNC"},{"name":"_ZN15DALMapResources23getParcelMngDataCommandE","type":"OBJECT"},{"name":"_ZN3GRL5splitESsRKSs","type":"FUNC"},{"name":"JNI_VP_SetAcceleroSensorData","type":"FUNC"},{"name":"os_iMbxAdr","type":"FUNC"},{"name":"PKCS7_dataVerify","type":"FUNC"},{"name":"_ZN4Poco3Net18SecureStreamSocket16setLazyHandshakeEb","type":"FUNC"},{"name":"_ZTIN4Poco18ActiveResultHolderINS_4VoidEEE","type":"OBJECT"},{"name":"_ZN2MP13MyPosIconInfo35getCurrentPositionAnimateGuidePointEfRNS_17LocationWithAngleE","type":"FUNC"},{"name":"MP_SetVehicleTrackParam","type":"FUNC"},{"name":"POI_Route_SetParam","type":"FUNC"},{"name":"MP_GetAddressString","type":"FUNC"},{"name":"_ZN4Poco13FastMutexImplD2Ev","type":"FUNC"},{"name":"_ZN4Poco10ThreadImpl10ThreadDataD1Ev","type":"FUNC"},{"name":"_ZNSt3tr121_Sp_counted_base_implIPN10InquiryPoi15PoiStreetParserENS_11_Sp_deleterIS2_EELN9__gnu_cxx1","type":"FUNC"},{"name":"classRPPacket01_t","type":"OBJECT"},{"name":"_ZN4Poco11FileChannel8setFlushERKSs","type":"FUNC"},{"name":"sqlite3_uri_boolean","type":"FUNC"},{"name":"CT_POIEntrance_GetRecList","type":"FUNC"},{"name":"ENGINE_get_name","type":"FUNC"},{"name":"_ZN4Poco3URI17removeDotSegmentsEb","type":"FUNC"},{"name":"_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EEaSERKS8_","type":"FUNC"},{"name":"_ZN4Poco8DateTime11toJulianDayEiiiiiiii","type":"FUNC"},{"name":"_ZNSt6vectorIN4Poco17RegularExpression5MatchESaIS2_EE7reserveEj","type":"FUNC"},{"name":"sqlite3_db_config","type":"FUNC"},{"name":"_ZN4Poco4Task3runEv","type":"FUNC"},{"name":"ENGINE_register_DH","type":"FUNC"},{"name":"_ZN4Poco8ObserverIN12mapdl_hybrid21MapDownloadControllerENS_22TaskFailedNotificationEED0Ev","type":"FUNC"},{"name":"_ZN4Poco3Net10SocketImpl12setKeepAliveEb","type":"FUNC"},{"name":"RP_vGetStartLinkIsExpressFlagToProcMngRec","type":"FUNC"},{"name":"DAL_ZDAL_UnOpeningRoadArray_PushBack","type":"FUNC"},{"name":"_ZN14DAL_Downloader27createNWMngDataFileFullPathEv","type":"FUNC"},{"name":"_ZN39SQLiteNWDownloadFailedRegionIDCollecter8IteratorD2Ev","type":"FUNC"},{"name":"_ZN8picojson13_parse_stringIPcEEbRNS_5valueERNS_5inputIT_EE","type":"FUNC"},{"name":"CMN_sin","type":"FUNC"},{"name":"Trip_iGetNodeCoordinates","type":"FUNC"},{"name":"_ZN4Poco3XML17DOMImplementation17FEATURE_TRAVERSALE","type":"OBJECT"},{"name":"Lib_calcRectSquare","type":"FUNC"},{"name":"interpolationList_InitByBuffer","type":"FUNC"},{"name":"RS_iDeleteRerouteData","type":"FUNC"},{"name":"_ZN4Poco3Net13ICMPExceptionC2ERKS1_","type":"FUNC"},{"name":"DAL_LinkArrayData_GetDiffLinkID","type":"FUNC"},{"name":"_ZTSN4Poco28LineEndingConverterStreamBufE","type":"OBJECT"},{"name":"_IsConnected","type":"FUNC"},{"name":"_ZNK4Poco4Util24MissingArgumentException4nameEv","type":"FUNC"},{"name":"NE_POIZip_Clear","type":"FUNC"},{"name":"DB_Open","type":"FUNC"}],"header":{"abi_version":0,"class":"ELF32","data":"2's complement, little endian","entrypoint":2066944,"hdr_version":"1 (current)","machine":"ARM","num_prog_headers":6,"num_section_headers":21,"obj_version":"0x1","os_abi":"UNIX - System V","type":"DYN (Shared object file)"},"import_list":[{"name":"epoll_ctl","type":"FUNC"},{"name":"_ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_PKcS4_","type":"FUNC"},{"name":"pthread_cond_signal","type":"FUNC"},{"name":"glDrawArrays","type":"FUNC"},{"name":"_toupper_tab_","type":"OBJECT"},{"name":"_ZNSiD2Ev","type":"FUNC"},{"name":"pthread_attr_setschedpolicy","type":"FUNC"},{"name":"_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_RS3_","type":"FUNC"},{"name":"_ZNSdD1Ev","type":"FUNC"},{"name":"tempnam","type":"FUNC"},{"name":"strncasecmp","type":"FUNC"},{"name":"__errno","type":"FUNC"},{"name":"_ZTv0_n12_NSoD1Ev","type":"FUNC"},{"name":"_ZTVSt15basic_streambufIcSt11char_traitsIcEE","type":"OBJECT"},{"name":"_ZTISi","type":"OBJECT"},{"name":"fgetpos","type":"FUNC"},{"name":"_ZNSs9push_backEc","type":"FUNC"},{"name":"glBindBuffer","type":"FUNC"},{"name":"_ZNSs6resizeEjc","type":"FUNC"},{"name":"connect","type":"FUNC"},{"name":"strncpy","type":"FUNC"},{"name":"_ZTVSt14basic_ofstreamIcSt11char_traitsIcEE","type":"OBJECT"},{"name":"_ZNSs13_S_copy_charsEPcN9__gnu_cxx17__normal_iteratorIPKcSsEES4_","type":"FUNC"},{"name":"glFramebufferTexture2D","type":"FUNC"},{"name":"_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c","type":"FUNC"},{"name":"ftell","type":"FUNC"},{"name":"strlen","type":"FUNC"},{"name":"select","type":"FUNC"},{"name":"printf","type":"FUNC"},{"name":"strdup","type":"FUNC"},{"name":"__cxa_pure_virtual","type":"FUNC"},{"name":"_ZNSolsEs","type":"FUNC"},{"name":"_ZNSs4swapERSs","type":"FUNC"},{"name":"_ZNSt15basic_streambufIcSt11char_traitsIcEED2Ev","type":"FUNC"},{"name":"_ZNSoD1Ev","type":"FUNC"},{"name":"_ZNSs6assignERKSs","type":"FUNC"},{"name":"_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE","type":"OBJECT"},{"name":"_ZNKSs7compareEjjRKSs","type":"FUNC"},{"name":"glEnableVertexAttribArray","type":"FUNC"},{"name":"gmtime_r","type":"FUNC"},{"name":"modf","type":"FUNC"},{"name":"_ZNSt6localeD1Ev","type":"FUNC"},{"name":"free","type":"FUNC"},{"name":"_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev","type":"FUNC"},{"name":"_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode","type":"FUNC"},{"name":"abort","type":"FUNC"},{"name":"atan2","type":"FUNC"},{"name":"memmove","type":"FUNC"},{"name":"glDeleteFramebuffers","type":"FUNC"},{"name":"gettid","type":"FUNC"},{"name":"glClear","type":"FUNC"},{"name":"glDisable","type":"FUNC"},{"name":"_ZNSt12out_of_rangeD1Ev","type":"FUNC"},{"name":"sigsetjmp","type":"FUNC"},{"name":"freeaddrinfo","type":"FUNC"},{"name":"_ZTVSt9exception","type":"OBJECT"},{"name":"_ZTIh","type":"OBJECT"},{"name":"_ZTTSt19basic_istringstreamIcSt11char_traitsIcESaIcEE","type":"OBJECT"},{"name":"pthread_mutexattr_destroy","type":"FUNC"},{"name":"fork","type":"FUNC"},{"name":"_ZTVSt18basic_stringstreamIcSt11char_traitsIcESaIcEE","type":"OBJECT"},{"name":"sem_unlink","type":"FUNC"},{"name":"sched_get_priority_min","type":"FUNC"},{"name":"_ZNSt9basic_iosIcSt11char_traitsIcEE5imbueERKSt6locale","type":"FUNC"},{"name":"_ZNKSs5rfindEcj","type":"FUNC"},{"name":"_ZTIx","type":"OBJECT"},{"name":"uname","type":"FUNC"},{"name":"_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc","type":"FUNC"},{"name":"_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev","type":"FUNC"},{"name":"getservbyname","type":"FUNC"}],"section_list":[{"flags":"","name":"","phisical_offset":0,"section_type":"NULL","size":0,"virtual_address":0},{"flags":"A","name":".hash","phisical_offset":244,"section_type":"HASH","size":181388,"virtual_address":244},{"flags":"A","name":".dynsym","phisical_offset":181632,"section_type":"DYNSYM","size":462944,"virtual_address":181632},{"flags":"A","name":".dynstr","phisical_offset":644576,"section_type":"STRTAB","size":1204094,"virtual_address":644576},{"flags":"A","name":".rel.dyn","phisical_offset":1848672,"section_type":"REL","size":207600,"virtual_address":1848672},{"flags":"A","name":".rel.plt","phisical_offset":2056272,"section_type":"REL","size":4184,"virtual_address":2056272},{"flags":"AX","name":".plt","phisical_offset":2060456,"section_type":"PROGBITS","size":6480,"virtual_address":2060456},{"flags":"AX","name":".text","phisical_offset":2066944,"section_type":"PROGBITS","size":7066864,"virtual_address":2066944},{"flags":"A","name":".rodata","phisical_offset":9133808,"section_type":"PROGBITS","size":675920,"virtual_address":9133808},{"flags":"A","name":".ARM.extab","phisical_offset":9809728,"section_type":"PROGBITS","size":263848,"virtual_address":9809728},{"flags":"AL","name":".ARM.exidx","phisical_offset":10073576,"section_type":"ARM_EXIDX","size":120728,"virtual_address":10073576},{"flags":"WA","name":".init_array","phisical_offset":10225352,"section_type":"INIT_ARRAY","size":752,"virtual_address":10225352},{"flags":"WA","name":".fini_array","phisical_offset":10226104,"section_type":"FINI_ARRAY","size":12,"virtual_address":10226104},{"flags":"WA","name":".data.rel.ro","phisical_offset":10226120,"section_type":"PROGBITS","size":114312,"virtual_address":10226120},{"flags":"WA","name":".dynamic","phisical_offset":10340432,"section_type":"DYNAMIC","size":296,"virtual_address":10340432},{"flags":"WA","name":".got","phisical_offset":10340728,"section_type":"PROGBITS","size":13960,"virtual_address":10340728},{"flags":"WA","name":".data","phisical_offset":10354688,"section_type":"PROGBITS","size":120816,"virtual_address":10354688},{"flags":"WA","name":".bss","phisical_offset":10475504,"section_type":"NOBITS","size":1134068,"virtual_address":10475504},{"flags":"","name":".ARM.attributes","phisical_offset":10475504,"section_type":"ARM_ATTRIBUTES","size":51,"virtual_address":0},{"flags":"MS","name":".comment","phisical_offset":10475555,"section_type":"PROGBITS","size":83,"virtual_address":0},{"flags":"","name":".shstrtab","phisical_offset":10475638,"section_type":"STRTAB","size":174,"virtual_address":0}],"segment_list":[{"resources":[".ARM.exidx"],"segment_type":"ARM_EXIDX"},{"resources":[".hash",".dynsym",".dynstr",".rel.dyn",".rel.plt",".plt",".text",".rodata",".ARM.extab",".ARM.exidx"],"segment_type":"LOAD"},{"resources":[".init_array",".fini_array",".data.rel.ro",".dynamic",".got",".data",".bss"],"segment_type":"LOAD"},{"resources":[".dynamic"],"segment_type":"DYNAMIC"},{"resources":[],"segment_type":"GNU_STACK"},{"resources":[".init_array",".fini_array",".data.rel.ro",".dynamic",".got"],"segment_type":"GNU_RELRO"}],"shared_libraries":["libgnustl_shared.so","libdl.so","liblog.so","libz.so","libGLESv2.so","libGLESv1_CM.so","libjnigraphics.so","libstdc++.so","libm.so","libc.so"]},"exiftool":{"CPUArchitecture":"32 bit","CPUByteOrder":"Little endian","CPUType":"Unknown (40)","FileType":"ELF shared library","FileTypeExtension":"so","MIMEType":"application/octet-stream","ObjectFileType":"Shared object file"},"first_submission_date":1591778633,"last_analysis_date":1601723153,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"type-unsupported","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"type-unsupported","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"type-unsupported","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"undetected","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32863","method":"blacklist","result":null},"CrowdStrike":{"category":"type-unsupported","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"type-unsupported","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22091","method":"blacklist","result":null},"Elastic":{"category":"type-unsupported","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27210B:27.20386","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"type-unsupported","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"type-unsupported","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87150","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"type-unsupported","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"type-unsupported","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":0,"suspicious":0,"timeout":0,"type-unsupported":14,"undetected":60},"last_modification_date":1601723172,"last_submission_date":1591778633,"magic":"ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped","md5":"b275695cf7b42020d85ea37550ab5ef7","meaningful_name":"libNavi.so","names":["libNavi.so"],"reputation":0,"sha1":"f058ebb581f22882290b27725df94bb302b89504","sha256":"48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f","size":10476652,"ssdeep":"98304:TtL4ar5wuZNMvErMGrSFBFKkm4m9faPUOjung0SuOD8zVzzgH9GSLf1aNqnkHir5:14a2uQGg0Z3zwoSjGH023k","tags":["elf","shared-lib"],"telfhash":"t1e9442cb6383d4c07dcf31b657dfb2b09025a74967b75eda19eb0c6a8161084e31be84e","times_submitted":25,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"ELF Executable and Linkable format (generic)","probability":100}],"type_description":"ELF","type_tag":"elf","unique_sources":1,"vhash":"464e34041fe26316302d33b4d2d3aa78"},"context_attributes":{"match_in_subfile":false,"notification_date":1601726793,"notification_id":"1595667233448289-6083246976172032-eabf547c7efe828737dd26b5544b1421","notification_snippet":"65 72 76 65 72 57 72 61 70 70 65 72 43 31 45 76 erverWrapperC1Ev\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 69 6E 67 6C ._ZN4*begin_highlight*Poco*end_highlight*15Singl\n65 74 6F 6E 48 6F 6C 64 65 72 49 4E 31 35 63 65 etonHolderIN15ce\n44 61 74 61 44 6F 77 6E 6C 6F 61 64 43 6F 6E 74 DataDownloadCont\n72 6F 6C 6C 65 72 44 31 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* rollerD1Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*39 46 61 73 74 4D 75 74 65 78 44 31 45 *begin_highlight*oco*end_highlight*9FastMutexD1E\n6F 63 6F 39 46 61 73 74 4D 75 74 65 78 44 31 45 oco9FastMutexD1E\n76 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 30 53 63 6F 70 v._ZN4*begin_highlight*Poco*end_highlight*10Scop\n65 64 4C 6F 63 6B 49 4E 53 5F 39 46 61 73 74 4D edLockINS_9FastM\n65 64 4C 6F 63 6B 49 4E 53 5F 39 46 61 73 74 4D edLockINS_9FastM\n75 74 65 78 45 45 44 32 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* utexEED2Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 65 70 *begin_highlight*oco*end_highlight*15SystemExcep\n74 69 6F 6E 43 31 45 52 4B 53 73 69 00 5F 5A 4E tionC1ERKSsi._ZN\n34 *begin_highlight*50 6F 63 6F *end_highlight*38 42 75 67 63 68 65 63 6B 31 30 4*begin_highlight*Poco*end_highlight*8Bugcheck10\n75 6E 65 78 70 65 63 74 65 64 45 50 4B 63 69 00 unexpectedEPKci.\n75 6E 65 78 70 65 63 74 65 64 45 50 4B 63 69 00 unexpectedEPKci.\n5F 5A 54 49 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 _ZTIN4*begin_highlight*Poco*end_highlight*15Syst\n65 6D 45 78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E emExceptionE._ZN\n65 6D 45 78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E emExceptionE._ZN\n34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 4*begin_highlight*Poco*end_highlight*15SystemExc\n65 70 74 69 6F 6E 44 31 45 76 00 5F 5A 4E 31 35 eptionD1Ev._ZN15\n43 6F 6E 6E 65 63 74 5F 4C 69 73 74 65 6E 65 72 Connect_Listener\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*39 46 61 73 74 4D 75 ._ZN4*begin_highlight*Poco*end_highlight*9FastMu\n74 65 78 43 31 45 76 00 5F 5A 4E 31 35 63 65 72 texC1Ev._ZN15cer\n64 43 6F 6E 74 72 6F 6C 6C 65 72 43 31 45 76 00 dControllerC1Ev.\n5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 30 53 63 6F 70 65 64 _ZN4*begin_highlight*Poco*end_highlight*10Scoped\n4C 6F 63 6B 49 4E 53 5F 39 46 61 73 74 4D 75 74 LockINS_9FastMut\n6C 65 72 38 69 6E 73 74 61 6E 63 65 45 76 45 32 ler8instanceEvE2\n73 68 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 69 6E sh._ZN4*begin_highlight*Poco*end_highlight*15Sin\n67 6C 65 74 6F 6E 48 6F 6C 64 65 72 49 4E 31 35 gletonHolderIN15\n\n...","notification_source_country":null,"notification_source_key":null,"notification_tags":["drovorub_malware","48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f","drovorub_library_and_unique_strings"],"rule_name":"drovorub_library_and_unique_strings","rule_tags":[],"ruleset_id":"6083246976172032","ruleset_name":"Drovorub malware"},"id":"48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f","links":{"self":"https://www.virustotal.com/api/v3/files/48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f"},"type":"file"} +{"attributes":{"androguard":{"AndroguardVersion":"3.0-dev","AndroidApplication":7,"AndroidApplicationError":false,"AndroidApplicationInfo":"ELF","VTAndroidInfo":1.41},"capabilities_tags":["ldpreload"],"crowdsourced_yara_results":[{"description":"Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client","rule_name":"APT_APT28_drovorub_library_and_unique_strings","ruleset_id":"00003e5371","ruleset_name":"apt_apt28_drovorub","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"elf_info":{"export_list":[{"name":"__aeabi_unwind_cpp_pr1","type":"FUNC"},{"name":"__aeabi_unwind_cpp_pr0","type":"FUNC"},{"name":"JNI_GL_Reset","type":"FUNC"},{"name":"CT_CtrGLResourceClear","type":"FUNC"},{"name":"_ZN7_JNIEnv9NewObjectEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv16CallObjectMethodEP8_jobjectP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv20CallStaticVoidMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_Z21registerNativeMethodsP7_JNIEnvPKcPK15JNINativeMethodi","type":"FUNC"},{"name":"JNI_OnLoad","type":"FUNC"},{"name":"gJavaVM","type":"OBJECT"},{"name":"UI_DrawMagName","type":"FUNC"},{"name":"_Z19JNI_stdTime_tToDateP7_JNIEnvl","type":"FUNC"},{"name":"_Z31JNI_dataDownloadStatusCppToJavaP7_JNIEnvPv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus6getUrlEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus22getConnectionStartTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus20getConnectionEndTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus13getHttpStatusEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus16getContentLengthEv","type":"FUNC"},{"name":"SendMessageToJavaUI","type":"FUNC"},{"name":"ConvUtf8ToSjis","type":"FUNC"},{"name":"ShiftJisToUtf8","type":"FUNC"},{"name":"_Z19Lib_JISStrToUTF8StrPcS_ii","type":"FUNC"},{"name":"JNI_Java_GetTrafficInformation","type":"FUNC"},{"name":"JNI_Java_CopyTrafficInformation","type":"FUNC"},{"name":"JNI_Java_GetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetConnectionErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetGetPWDataFlag","type":"FUNC"},{"name":"JNI_Java_tmcPlg_updateCallback","type":"FUNC"},{"name":"JNI_NE_POI_Facility_SearchRefine","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefuctureRecListCount","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefectureRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_Cancel","type":"FUNC"},{"name":"JNI_NE_POIArnd_SetDistance","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList_ShortCut","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecCount","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetNextTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNextList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetPrevTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchPrevList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_CancelQuery","type":"FUNC"},{"name":"JNI_NE_GetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_SetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_GetMapCenter","type":"FUNC"},{"name":"JNI_LIB_dtmConvByDegree","type":"FUNC"},{"name":"JNI_NE_GetMapLevel","type":"FUNC"},{"name":"JNI_NE_GetMapLevelScale","type":"FUNC"},{"name":"JNI_CT_GetMapPosition","type":"FUNC"},{"name":"JNI_CT_GetReqMapPosition","type":"FUNC"},{"name":"JNI_NE_CalcAppLevelScale","type":"FUNC"},{"name":"JNI_NE_CalcScale","type":"FUNC"},{"name":"JNI_NE_ExposeMap","type":"FUNC"},{"name":"JNI_NE_GetAddressString","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRect","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRect","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetAddressCode","type":"FUNC"},{"name":"JNI_NE_GetAreaCode","type":"FUNC"},{"name":"JNI_NE_GetMyPosi","type":"FUNC"},{"name":"JNI_NE_AjustMyPosi","type":"FUNC"},{"name":"JNI_NE_GetNaviMode","type":"FUNC"},{"name":"JNI_NE_SetNaviMode","type":"FUNC"},{"name":"JNI_NE_ActivateControl","type":"FUNC"},{"name":"JNI_CT_UIC_RouteFailerProc","type":"FUNC"},{"name":"JNI_ct_uic_UserScroll","type":"FUNC"}],"header":{"abi_version":0,"class":"ELF32","data":"2's complement, little endian","entrypoint":0,"hdr_version":"1 (current)","machine":"ARM","num_prog_headers":7,"num_section_headers":23,"obj_version":"0x1","os_abi":"UNIX - System V","type":"DYN (Shared object file)"},"import_list":[{"name":"__cxa_finalize","type":"FUNC"},{"name":"__cxa_atexit","type":"FUNC"},{"name":"pthread_mutex_destroy","type":"FUNC"},{"name":"pthread_mutexattr_init","type":"FUNC"},{"name":"pthread_mutexattr_settype","type":"FUNC"},{"name":"pthread_mutex_init","type":"FUNC"},{"name":"pthread_mutexattr_destroy","type":"FUNC"},{"name":"__android_log_print","type":"FUNC"},{"name":"pthread_mutex_lock","type":"FUNC"},{"name":"pthread_mutex_unlock","type":"FUNC"},{"name":"__gxx_personality_v0","type":"FUNC"},{"name":"_ZNSsD1Ev","type":"FUNC"},{"name":"__cxa_end_cleanup","type":"FUNC"},{"name":"_Znaj","type":"FUNC"},{"name":"memcpy","type":"FUNC"},{"name":"strcpy","type":"FUNC"},{"name":"_ZNSt8ios_base4InitC1Ev","type":"FUNC"},{"name":"__aeabi_atexit","type":"FUNC"},{"name":"_ZNSt8ios_base4InitD1Ev","type":"FUNC"},{"name":"strlen","type":"FUNC"},{"name":"__stack_chk_fail","type":"FUNC"},{"name":"__stack_chk_guard","type":"OBJECT"},{"name":"_ZdaPv","type":"FUNC"},{"name":"memset","type":"FUNC"},{"name":"malloc","type":"FUNC"},{"name":"free","type":"FUNC"},{"name":"sprintf","type":"FUNC"},{"name":"_Znwj","type":"FUNC"},{"name":"_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base","type":"FUNC"},{"name":"_ZdlPv","type":"FUNC"},{"name":"_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base9_M_unhookEv","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base7_M_hookEPS0_","type":"FUNC"},{"name":"_ZNSs4_Rep20_S_empty_rep_storageE","type":"OBJECT"},{"name":"_ZNSsC1EPKcRKSaIcE","type":"FUNC"},{"name":"_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_guard_acquire","type":"FUNC"},{"name":"__cxa_guard_release","type":"FUNC"},{"name":"__cxa_guard_abort","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_pure_virtual","type":"FUNC"},{"name":"_ZTVN10__cxxabiv117__class_type_infoE","type":"OBJECT"},{"name":"_ZTVN10__cxxabiv120__si_class_type_infoE","type":"OBJECT"},{"name":"sin","type":"FUNC"},{"name":"cos","type":"FUNC"},{"name":"atan2","type":"FUNC"},{"name":"sqrt","type":"FUNC"},{"name":"acos","type":"FUNC"},{"name":"strncpy","type":"FUNC"},{"name":"unlink","type":"FUNC"},{"name":"mkdir","type":"FUNC"},{"name":"rmdir","type":"FUNC"},{"name":"memmove","type":"FUNC"},{"name":"sleep","type":"FUNC"},{"name":"pthread_cond_wait","type":"FUNC"},{"name":"usleep","type":"FUNC"},{"name":"strcat","type":"FUNC"},{"name":"strcmp","type":"FUNC"},{"name":"open","type":"FUNC"},{"name":"write","type":"FUNC"},{"name":"close","type":"FUNC"},{"name":"read","type":"FUNC"},{"name":"fstat","type":"FUNC"},{"name":"rename","type":"FUNC"},{"name":"time","type":"FUNC"},{"name":"localtime","type":"FUNC"},{"name":"strftime","type":"FUNC"},{"name":"pthread_cond_init","type":"FUNC"},{"name":"pthread_create","type":"FUNC"}],"section_list":[{"flags":"","name":"","phisical_offset":0,"section_type":"NULL","size":0,"virtual_address":0},{"flags":"A","name":".dynsym","phisical_offset":276,"section_type":"DYNSYM","size":478736,"virtual_address":276},{"flags":"A","name":".dynstr","phisical_offset":479012,"section_type":"STRTAB","size":1253870,"virtual_address":479012},{"flags":"A","name":".hash","phisical_offset":1732884,"section_type":"HASH","size":185336,"virtual_address":1732884},{"flags":"A","name":".rel.dyn","phisical_offset":1918220,"section_type":"REL","size":206304,"virtual_address":1918220},{"flags":"A","name":".rel.plt","phisical_offset":2124524,"section_type":"REL","size":4168,"virtual_address":2124524},{"flags":"AX","name":".plt","phisical_offset":2128692,"section_type":"PROGBITS","size":6272,"virtual_address":2128692},{"flags":"AX","name":".text","phisical_offset":2134976,"section_type":"PROGBITS","size":6684192,"virtual_address":2134976},{"flags":"A","name":".ARM.extab","phisical_offset":8819168,"section_type":"PROGBITS","size":258404,"virtual_address":8819168},{"flags":"AL","name":".ARM.exidx","phisical_offset":9077572,"section_type":"ARM_EXIDX","size":160840,"virtual_address":9077572},{"flags":"A","name":".rodata","phisical_offset":9238416,"section_type":"PROGBITS","size":649828,"virtual_address":9238416},{"flags":"WA","name":".data.rel.ro.local","phisical_offset":9889968,"section_type":"PROGBITS","size":44884,"virtual_address":9894064},{"flags":"WA","name":".fini_array","phisical_offset":9934852,"section_type":"FINI_ARRAY","size":8,"virtual_address":9938948},{"flags":"WA","name":".init_array","phisical_offset":9934860,"section_type":"INIT_ARRAY","size":788,"virtual_address":9938956},{"flags":"WA","name":".data.rel.ro","phisical_offset":9935648,"section_type":"PROGBITS","size":68816,"virtual_address":9939744},{"flags":"WA","name":".dynamic","phisical_offset":10004464,"section_type":"DYNAMIC","size":296,"virtual_address":10008560},{"flags":"WA","name":".got","phisical_offset":10004760,"section_type":"PROGBITS","size":14056,"virtual_address":10008856},{"flags":"WA","name":".data","phisical_offset":10018816,"section_type":"PROGBITS","size":120300,"virtual_address":10022912},{"flags":"WA","name":".bss","phisical_offset":10139116,"section_type":"NOBITS","size":1149410,"virtual_address":10143216},{"flags":"MS","name":".comment","phisical_offset":10139116,"section_type":"PROGBITS","size":38,"virtual_address":0},{"flags":"","name":".note.gnu.gold-version","phisical_offset":10139156,"section_type":"NOTE","size":28,"virtual_address":0},{"flags":"","name":".ARM.attributes","phisical_offset":10139184,"section_type":"ARM_ATTRIBUTES","size":52,"virtual_address":0},{"flags":"","name":".shstrtab","phisical_offset":10139236,"section_type":"STRTAB","size":216,"virtual_address":0}],"segment_list":[{"resources":[],"segment_type":"PHDR"},{"resources":[".dynsym",".dynstr",".hash",".rel.dyn",".rel.plt",".plt",".text",".ARM.extab",".ARM.exidx",".rodata"],"segment_type":"LOAD"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got",".data",".bss"],"segment_type":"LOAD"},{"resources":[".dynamic"],"segment_type":"DYNAMIC"},{"resources":[],"segment_type":"GNU_STACK"},{"resources":[".ARM.exidx"],"segment_type":"ARM_EXIDX"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got"],"segment_type":"GNU_RELRO"}],"shared_libraries":["libgnustl_shared.so","libdl.so","liblog.so","libz.so","libGLESv2.so","libGLESv1_CM.so","libjnigraphics.so","libstdc++.so","libm.so","libc.so"]},"exiftool":{"CPUArchitecture":"32 bit","CPUByteOrder":"Little endian","CPUType":"Unknown (40)","FileType":"ELF shared library","FileTypeExtension":"so","MIMEType":"application/octet-stream","ObjectFileType":"Shared object file"},"first_submission_date":1590716559,"last_analysis_date":1601686635,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201002","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"type-unsupported","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201002","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"type-unsupported","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201002","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201002","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201002","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"type-unsupported","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201002","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201002","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201002","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"undetected","engine_name":"Avast-Mobile","engine_update":"20201002","engine_version":"201002-02","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201002","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201002","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201002","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201001","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201002","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"failure","engine_name":"Comodo","engine_update":"20201002","engine_version":null,"method":"blacklist","result":null},"CrowdStrike":{"category":"type-unsupported","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"type-unsupported","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201002","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201002","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201002","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201002","engine_version":"22089","method":"blacklist","result":null},"Elastic":{"category":"type-unsupported","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201002","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201002","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20201002","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201002","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201002","engine_version":"A:25.27207B:27.20380","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201002","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201002","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201002","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201002","engine_version":"11.142.35348","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201002","engine_version":"11.142.35349","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201002","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201002","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201002","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201002","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201002","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201002","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201002","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"type-unsupported","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201002","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201002","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"type-unsupported","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201002","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201002","engine_version":"2020-10-02.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201002","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201002","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201002","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201002","engine_version":"87136","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"type-unsupported","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201002","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"type-unsupported","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":1,"harmless":0,"malicious":0,"suspicious":0,"timeout":0,"type-unsupported":14,"undetected":59},"last_modification_date":1601686690,"last_submission_date":1590716559,"magic":"ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped","md5":"43d2850e1b83864b0d8c39dab5c4277e","meaningful_name":"libNavi.so","names":["libNavi.so"],"reputation":0,"sha1":"56c36bfd4bbb1e3084e8e87657f02dbc4ba87755","sha256":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","size":10140372,"ssdeep":"98304:r9c75xJTNuqswu802WPrPDFVYea4cidBpIsPRebD3eKcgogK:r675vNuqswu8CrbYexdLIJ3Q1","tags":["elf","shared-lib"],"telfhash":"t15344fbba383d4c17dcf31b657dfb2b0d025a74967b75dd919eb0c2a8161088e317a88e","times_submitted":17,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"ELF Executable and Linkable format (generic)","probability":100}],"type_description":"ELF","type_tag":"elf","unique_sources":1,"vhash":"7e87ba19547734eb641bada795c98bda"},"context_attributes":{"match_in_subfile":false,"notification_date":1601690342,"notification_id":"1594819139452867-6083246976172032-eabf547c7efe828737dd26b5544b1421","notification_snippet":"54 55 53 45 52 4E 53 5F 36 64 6C 49 6E 66 6F 45 TUSERNS_6dlInfoE\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 ._ZN4*begin_highlight*Poco*end_highlight*15Syste\n6D 45 78 63 65 70 74 69 6F 6E 43 31 45 52 4B 53 mExceptionC1ERKS\n73 69 00 5F 5F 63 78 61 5F 62 65 67 69 6E 5F 63 si.__cxa_begin_c\n61 74 63 68 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*38 42 75 atch._ZN4*begin_highlight*Poco*end_highlight*8Bu\n67 63 68 65 63 6B 31 30 75 6E 65 78 70 65 63 74 gcheck10unexpect\n65 65 5F 65 78 63 65 70 74 69 6F 6E 00 5F 5A 54 ee_exception._ZT\n49 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 IN4*begin_highlight*Poco*end_highlight*15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 50 6F xceptionE._ZN4Po\n49 4E 34 50 6F 63 6F 31 35 53 79 73 74 65 6D 45 IN4Poco15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* xceptionE._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 65 70 74 *begin_highlight*co*end_highlight*15SystemExcept\n4E 32 44 4C 31 34 47 65 74 4D 61 70 54 65 6D 70 N2DL14GetMapTemp\n50 61 74 68 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 PathEv._ZN4*begin_highlight*Poco*end_highlight*1\n33 54 65 6D 70 6F 72 61 72 79 46 69 6C 65 43 31 3TemporaryFileC1\n61 6C 65 44 31 45 76 00 5F 5A 4E 53 74 38 69 6F aleD1Ev._ZNSt8io\n73 5F 62 61 73 65 44 32 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* s_baseD2Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*31 33 54 65 6D 70 6F 72 61 72 79 46 69 *begin_highlight*oco*end_highlight*13TemporaryFi\n4E 53 31 5F 31 30 73 68 61 72 65 64 5F 70 74 72 NS1_10shared_ptr\n49 63 45 45 6A 45 45 45 00 5F 5A 4E 34 *begin_highlight*50 6F 63*end_highlight* IcEEjEEE._ZN4*begin_highlight*Poc*end_highlight*\n*begin_highlight*6F *end_highlight*31 37 4E 6F 74 69 66 69 63 61 74 69 6F 6E 51 *begin_highlight*o*end_highlight*17NotificationQ\n53 65 61 72 63 68 52 6F 75 74 65 36 67 65 74 55 SearchRoute6getU\n72 6C 45 52 53 73 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*35 rlERSs._ZN4*begin_highlight*Poco*end_highlight*5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 50 6F MutexC1Ev._ZN4Po\n72 6C 45 52 53 73 00 5F 5A 4E 34 50 6F 63 6F 35 rlERSs._ZN4Poco5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* MutexC1Ev._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*35 4D 75 74 65 78 44 31 45 76 00 5F 5A 54 *begin_highlight*co*end_highlight*5MutexD1Ev._ZT\n69 63 61 74 69 6F 6E 42 61 73 65 44 32 45 76 00 icationBaseD2Ev.\n5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 32 4E 6F 74 69 66 69 _ZN4*begin_highlight*Poco*end_highlight*12Notifi\n63 61 74 69 6F 6E 44 32 45 76 00 5F 5A 54 56 32 cationD2Ev._ZTV2\n\n...","notification_source_country":null,"notification_source_key":null,"notification_tags":["13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","drovorub_malware","drovorub_library_and_unique_strings"],"rule_name":"drovorub_library_and_unique_strings","rule_tags":[],"ruleset_id":"6083246976172032","ruleset_name":"Drovorub malware"},"id":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","links":{"self":"https://www.virustotal.com/api/v3/files/13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28"},"type":"file"} +{"attributes":{"androguard":{"AndroguardVersion":"3.0-dev","AndroidApplication":7,"AndroidApplicationError":false,"AndroidApplicationInfo":"ELF","VTAndroidInfo":1.41},"capabilities_tags":["ldpreload"],"crowdsourced_yara_results":[{"description":"Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client","rule_name":"APT_APT28_drovorub_library_and_unique_strings","ruleset_id":"00003e5371","ruleset_name":"apt_apt28_drovorub","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"elf_info":{"export_list":[{"name":"__aeabi_unwind_cpp_pr1","type":"FUNC"},{"name":"__aeabi_unwind_cpp_pr0","type":"FUNC"},{"name":"JNI_GL_Reset","type":"FUNC"},{"name":"CT_CtrGLResourceClear","type":"FUNC"},{"name":"_ZN7_JNIEnv9NewObjectEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv16CallObjectMethodEP8_jobjectP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv20CallStaticVoidMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_Z21registerNativeMethodsP7_JNIEnvPKcPK15JNINativeMethodi","type":"FUNC"},{"name":"JNI_OnLoad","type":"FUNC"},{"name":"gJavaVM","type":"OBJECT"},{"name":"UI_DrawMagName","type":"FUNC"},{"name":"_Z19JNI_stdTime_tToDateP7_JNIEnvl","type":"FUNC"},{"name":"_Z31JNI_dataDownloadStatusCppToJavaP7_JNIEnvPv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus6getUrlEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus22getConnectionStartTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus20getConnectionEndTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus13getHttpStatusEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus16getContentLengthEv","type":"FUNC"},{"name":"SendMessageToJavaUI","type":"FUNC"},{"name":"ConvUtf8ToSjis","type":"FUNC"},{"name":"ShiftJisToUtf8","type":"FUNC"},{"name":"_Z19Lib_JISStrToUTF8StrPcS_ii","type":"FUNC"},{"name":"JNI_Java_GetTrafficInformation","type":"FUNC"},{"name":"JNI_Java_CopyTrafficInformation","type":"FUNC"},{"name":"JNI_Java_GetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetConnectionErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetGetPWDataFlag","type":"FUNC"},{"name":"JNI_Java_tmcPlg_updateCallback","type":"FUNC"},{"name":"JNI_NE_POI_Facility_SearchRefine","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefuctureRecListCount","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefectureRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_Cancel","type":"FUNC"},{"name":"JNI_NE_POIArnd_SetDistance","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList_ShortCut","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecCount","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetNextTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNextList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetPrevTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchPrevList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_CancelQuery","type":"FUNC"},{"name":"JNI_NE_GetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_SetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_GetMapCenter","type":"FUNC"},{"name":"JNI_LIB_dtmConvByDegree","type":"FUNC"},{"name":"JNI_NE_GetMapLevel","type":"FUNC"},{"name":"JNI_NE_GetMapLevelScale","type":"FUNC"},{"name":"JNI_CT_GetMapPosition","type":"FUNC"},{"name":"JNI_CT_GetReqMapPosition","type":"FUNC"},{"name":"JNI_NE_CalcAppLevelScale","type":"FUNC"},{"name":"JNI_NE_CalcScale","type":"FUNC"},{"name":"JNI_NE_ExposeMap","type":"FUNC"},{"name":"JNI_NE_GetAddressString","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRect","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRect","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetAddressCode","type":"FUNC"},{"name":"JNI_NE_GetAreaCode","type":"FUNC"},{"name":"JNI_NE_GetMyPosi","type":"FUNC"},{"name":"JNI_NE_AjustMyPosi","type":"FUNC"},{"name":"JNI_NE_GetNaviMode","type":"FUNC"},{"name":"JNI_NE_SetNaviMode","type":"FUNC"},{"name":"JNI_NE_ActivateControl","type":"FUNC"},{"name":"JNI_CT_UIC_RouteFailerProc","type":"FUNC"},{"name":"JNI_ct_uic_UserScroll","type":"FUNC"}],"header":{"abi_version":0,"class":"ELF32","data":"2's complement, little endian","entrypoint":0,"hdr_version":"1 (current)","machine":"ARM","num_prog_headers":7,"num_section_headers":23,"obj_version":"0x1","os_abi":"UNIX - System V","type":"DYN (Shared object file)"},"import_list":[{"name":"__cxa_finalize","type":"FUNC"},{"name":"__cxa_atexit","type":"FUNC"},{"name":"pthread_mutex_destroy","type":"FUNC"},{"name":"pthread_mutexattr_init","type":"FUNC"},{"name":"pthread_mutexattr_settype","type":"FUNC"},{"name":"pthread_mutex_init","type":"FUNC"},{"name":"pthread_mutexattr_destroy","type":"FUNC"},{"name":"__android_log_print","type":"FUNC"},{"name":"pthread_mutex_lock","type":"FUNC"},{"name":"pthread_mutex_unlock","type":"FUNC"},{"name":"__gxx_personality_v0","type":"FUNC"},{"name":"_ZNSsD1Ev","type":"FUNC"},{"name":"__cxa_end_cleanup","type":"FUNC"},{"name":"_Znaj","type":"FUNC"},{"name":"memcpy","type":"FUNC"},{"name":"strcpy","type":"FUNC"},{"name":"_ZNSt8ios_base4InitC1Ev","type":"FUNC"},{"name":"__aeabi_atexit","type":"FUNC"},{"name":"_ZNSt8ios_base4InitD1Ev","type":"FUNC"},{"name":"strlen","type":"FUNC"},{"name":"__stack_chk_fail","type":"FUNC"},{"name":"__stack_chk_guard","type":"OBJECT"},{"name":"_ZdaPv","type":"FUNC"},{"name":"memset","type":"FUNC"},{"name":"malloc","type":"FUNC"},{"name":"free","type":"FUNC"},{"name":"sprintf","type":"FUNC"},{"name":"_Znwj","type":"FUNC"},{"name":"_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base","type":"FUNC"},{"name":"_ZdlPv","type":"FUNC"},{"name":"_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base9_M_unhookEv","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base7_M_hookEPS0_","type":"FUNC"},{"name":"_ZNSs4_Rep20_S_empty_rep_storageE","type":"OBJECT"},{"name":"_ZNSsC1EPKcRKSaIcE","type":"FUNC"},{"name":"_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_guard_acquire","type":"FUNC"},{"name":"__cxa_guard_release","type":"FUNC"},{"name":"__cxa_guard_abort","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_pure_virtual","type":"FUNC"},{"name":"_ZTVN10__cxxabiv117__class_type_infoE","type":"OBJECT"},{"name":"_ZTVN10__cxxabiv120__si_class_type_infoE","type":"OBJECT"},{"name":"sin","type":"FUNC"},{"name":"cos","type":"FUNC"},{"name":"atan2","type":"FUNC"},{"name":"sqrt","type":"FUNC"},{"name":"acos","type":"FUNC"},{"name":"strncpy","type":"FUNC"},{"name":"unlink","type":"FUNC"},{"name":"mkdir","type":"FUNC"},{"name":"rmdir","type":"FUNC"},{"name":"memmove","type":"FUNC"},{"name":"sleep","type":"FUNC"},{"name":"pthread_cond_wait","type":"FUNC"},{"name":"usleep","type":"FUNC"},{"name":"strcat","type":"FUNC"},{"name":"strcmp","type":"FUNC"},{"name":"open","type":"FUNC"},{"name":"write","type":"FUNC"},{"name":"close","type":"FUNC"},{"name":"read","type":"FUNC"},{"name":"fstat","type":"FUNC"},{"name":"rename","type":"FUNC"},{"name":"time","type":"FUNC"},{"name":"localtime","type":"FUNC"},{"name":"strftime","type":"FUNC"},{"name":"pthread_cond_init","type":"FUNC"},{"name":"pthread_create","type":"FUNC"}],"section_list":[{"flags":"","name":"","phisical_offset":0,"section_type":"NULL","size":0,"virtual_address":0},{"flags":"A","name":".dynsym","phisical_offset":276,"section_type":"DYNSYM","size":478736,"virtual_address":276},{"flags":"A","name":".dynstr","phisical_offset":479012,"section_type":"STRTAB","size":1253870,"virtual_address":479012},{"flags":"A","name":".hash","phisical_offset":1732884,"section_type":"HASH","size":185336,"virtual_address":1732884},{"flags":"A","name":".rel.dyn","phisical_offset":1918220,"section_type":"REL","size":206304,"virtual_address":1918220},{"flags":"A","name":".rel.plt","phisical_offset":2124524,"section_type":"REL","size":4168,"virtual_address":2124524},{"flags":"AX","name":".plt","phisical_offset":2128692,"section_type":"PROGBITS","size":6272,"virtual_address":2128692},{"flags":"AX","name":".text","phisical_offset":2134976,"section_type":"PROGBITS","size":6684192,"virtual_address":2134976},{"flags":"A","name":".ARM.extab","phisical_offset":8819168,"section_type":"PROGBITS","size":258404,"virtual_address":8819168},{"flags":"AL","name":".ARM.exidx","phisical_offset":9077572,"section_type":"ARM_EXIDX","size":160840,"virtual_address":9077572},{"flags":"A","name":".rodata","phisical_offset":9238416,"section_type":"PROGBITS","size":649828,"virtual_address":9238416},{"flags":"WA","name":".data.rel.ro.local","phisical_offset":9889968,"section_type":"PROGBITS","size":44884,"virtual_address":9894064},{"flags":"WA","name":".fini_array","phisical_offset":9934852,"section_type":"FINI_ARRAY","size":8,"virtual_address":9938948},{"flags":"WA","name":".init_array","phisical_offset":9934860,"section_type":"INIT_ARRAY","size":788,"virtual_address":9938956},{"flags":"WA","name":".data.rel.ro","phisical_offset":9935648,"section_type":"PROGBITS","size":68816,"virtual_address":9939744},{"flags":"WA","name":".dynamic","phisical_offset":10004464,"section_type":"DYNAMIC","size":296,"virtual_address":10008560},{"flags":"WA","name":".got","phisical_offset":10004760,"section_type":"PROGBITS","size":14056,"virtual_address":10008856},{"flags":"WA","name":".data","phisical_offset":10018816,"section_type":"PROGBITS","size":120300,"virtual_address":10022912},{"flags":"WA","name":".bss","phisical_offset":10139116,"section_type":"NOBITS","size":1149410,"virtual_address":10143216},{"flags":"MS","name":".comment","phisical_offset":10139116,"section_type":"PROGBITS","size":38,"virtual_address":0},{"flags":"","name":".note.gnu.gold-version","phisical_offset":10139156,"section_type":"NOTE","size":28,"virtual_address":0},{"flags":"","name":".ARM.attributes","phisical_offset":10139184,"section_type":"ARM_ATTRIBUTES","size":52,"virtual_address":0},{"flags":"","name":".shstrtab","phisical_offset":10139236,"section_type":"STRTAB","size":216,"virtual_address":0}],"segment_list":[{"resources":[],"segment_type":"PHDR"},{"resources":[".dynsym",".dynstr",".hash",".rel.dyn",".rel.plt",".plt",".text",".ARM.extab",".ARM.exidx",".rodata"],"segment_type":"LOAD"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got",".data",".bss"],"segment_type":"LOAD"},{"resources":[".dynamic"],"segment_type":"DYNAMIC"},{"resources":[],"segment_type":"GNU_STACK"},{"resources":[".ARM.exidx"],"segment_type":"ARM_EXIDX"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got"],"segment_type":"GNU_RELRO"}],"shared_libraries":["libgnustl_shared.so","libdl.so","liblog.so","libz.so","libGLESv2.so","libGLESv1_CM.so","libjnigraphics.so","libstdc++.so","libm.so","libc.so"]},"exiftool":{"CPUArchitecture":"32 bit","CPUByteOrder":"Little endian","CPUType":"Unknown (40)","FileType":"ELF shared library","FileTypeExtension":"so","MIMEType":"application/octet-stream","ObjectFileType":"Shared object file"},"first_submission_date":1590716559,"last_analysis_date":1601723226,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"type-unsupported","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"type-unsupported","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"type-unsupported","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"undetected","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32863","method":"blacklist","result":null},"CrowdStrike":{"category":"type-unsupported","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"type-unsupported","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22091","method":"blacklist","result":null},"Elastic":{"category":"type-unsupported","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27210B:27.20386","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"type-unsupported","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"type-unsupported","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"timeout","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87150","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"type-unsupported","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"type-unsupported","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":0,"suspicious":0,"timeout":2,"type-unsupported":14,"undetected":58},"last_modification_date":1601723329,"last_submission_date":1590716559,"magic":"ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped","md5":"43d2850e1b83864b0d8c39dab5c4277e","meaningful_name":"libNavi.so","names":["libNavi.so"],"reputation":0,"sha1":"56c36bfd4bbb1e3084e8e87657f02dbc4ba87755","sha256":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","size":10140372,"ssdeep":"98304:r9c75xJTNuqswu802WPrPDFVYea4cidBpIsPRebD3eKcgogK:r675vNuqswu8CrbYexdLIJ3Q1","tags":["elf","shared-lib"],"telfhash":"t15344fbba383d4c17dcf31b657dfb2b0d025a74967b75dd919eb0c2a8161088e317a88e","times_submitted":17,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"ELF Executable and Linkable format (generic)","probability":100}],"type_description":"ELF","type_tag":"elf","unique_sources":1,"vhash":"7e87ba19547734eb641bada795c98bda"},"context_attributes":{"match_in_subfile":false,"notification_date":1601726977,"notification_id":"1595660901067233-6083246976172032-eabf547c7efe828737dd26b5544b1421","notification_snippet":"54 55 53 45 52 4E 53 5F 36 64 6C 49 6E 66 6F 45 TUSERNS_6dlInfoE\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 ._ZN4*begin_highlight*Poco*end_highlight*15Syste\n6D 45 78 63 65 70 74 69 6F 6E 43 31 45 52 4B 53 mExceptionC1ERKS\n73 69 00 5F 5F 63 78 61 5F 62 65 67 69 6E 5F 63 si.__cxa_begin_c\n61 74 63 68 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*38 42 75 atch._ZN4*begin_highlight*Poco*end_highlight*8Bu\n67 63 68 65 63 6B 31 30 75 6E 65 78 70 65 63 74 gcheck10unexpect\n65 65 5F 65 78 63 65 70 74 69 6F 6E 00 5F 5A 54 ee_exception._ZT\n49 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 IN4*begin_highlight*Poco*end_highlight*15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 50 6F xceptionE._ZN4Po\n49 4E 34 50 6F 63 6F 31 35 53 79 73 74 65 6D 45 IN4Poco15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* xceptionE._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 65 70 74 *begin_highlight*co*end_highlight*15SystemExcept\n4E 32 44 4C 31 34 47 65 74 4D 61 70 54 65 6D 70 N2DL14GetMapTemp\n50 61 74 68 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 PathEv._ZN4*begin_highlight*Poco*end_highlight*1\n33 54 65 6D 70 6F 72 61 72 79 46 69 6C 65 43 31 3TemporaryFileC1\n61 6C 65 44 31 45 76 00 5F 5A 4E 53 74 38 69 6F aleD1Ev._ZNSt8io\n73 5F 62 61 73 65 44 32 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* s_baseD2Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*31 33 54 65 6D 70 6F 72 61 72 79 46 69 *begin_highlight*oco*end_highlight*13TemporaryFi\n4E 53 31 5F 31 30 73 68 61 72 65 64 5F 70 74 72 NS1_10shared_ptr\n49 63 45 45 6A 45 45 45 00 5F 5A 4E 34 *begin_highlight*50 6F 63*end_highlight* IcEEjEEE._ZN4*begin_highlight*Poc*end_highlight*\n*begin_highlight*6F *end_highlight*31 37 4E 6F 74 69 66 69 63 61 74 69 6F 6E 51 *begin_highlight*o*end_highlight*17NotificationQ\n53 65 61 72 63 68 52 6F 75 74 65 36 67 65 74 55 SearchRoute6getU\n72 6C 45 52 53 73 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*35 rlERSs._ZN4*begin_highlight*Poco*end_highlight*5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 50 6F MutexC1Ev._ZN4Po\n72 6C 45 52 53 73 00 5F 5A 4E 34 50 6F 63 6F 35 rlERSs._ZN4Poco5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* MutexC1Ev._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*35 4D 75 74 65 78 44 31 45 76 00 5F 5A 54 *begin_highlight*co*end_highlight*5MutexD1Ev._ZT\n69 63 61 74 69 6F 6E 42 61 73 65 44 32 45 76 00 icationBaseD2Ev.\n5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 32 4E 6F 74 69 66 69 _ZN4*begin_highlight*Poco*end_highlight*12Notifi\n63 61 74 69 6F 6E 44 32 45 76 00 5F 5A 54 56 32 cationD2Ev._ZTV2\n\n...","notification_source_country":null,"notification_source_key":null,"notification_tags":["13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","drovorub_malware","drovorub_library_and_unique_strings"],"rule_name":"drovorub_library_and_unique_strings","rule_tags":[],"ruleset_id":"6083246976172032","ruleset_name":"Drovorub malware"},"id":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","links":{"self":"https://www.virustotal.com/api/v3/files/13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28"},"type":"file"} diff --git a/x-pack/filebeat/module/virustotal/module.yml b/x-pack/filebeat/module/virustotal/module.yml new file mode 100644 index 00000000000..df475bac7af --- /dev/null +++ b/x-pack/filebeat/module/virustotal/module.yml @@ -0,0 +1,3 @@ +dashboards: +- id: bd059c90-0e56-11eb-9aef-8b55a4ae31c5 + file: livehunt-overview.json diff --git a/x-pack/filebeat/module/virustotal/section_objects.hjson b/x-pack/filebeat/module/virustotal/section_objects.hjson new file mode 100644 index 00000000000..c1d6af3215a --- /dev/null +++ b/x-pack/filebeat/module/virustotal/section_objects.hjson @@ -0,0 +1,60 @@ +# Section objects + +// Abstract structure for all binary types, missing fields for a given data source will be excluded +{ + name: "Name of code section", + physical_offset: "[keyword] Offset of the section from the beginning of the segment, in hex", + physical_size: "[long] Size of the code section in the file in bytes", + virtual_address: "[keyword] relative virtual memory address when loaded", + virtual_size: "[long] Size of the section in bytes when loaded into memory", + flags: "[keyword] List of flag values as strings for this section", + type: "[keyword] Section type as string, if applicable", + segment_name: "[keyword] Name of segment for this section, if applicable", + entropy: "[float] shannon entropy calculated from section content in bits per byte of information", + chi2: "[float]" +} + + +// Mach-O example +{ + file.macho.sections: [ + { + name: "__nl_symbol_ptr", + flags: ["S_8BYTE_LITERALS"], + type: "S_CSTRING_LITERALS", + segment_name: "__DATA" + }, ... + ] +} +// ELF example +{ + file.elf.sections: [ + { + name: ".data", + physical_offset: "0x3000", + physical_size: 16, + virtual_address: "0x4000", + flags: ["WA"], // This is how VT presents the data. Pretty sure this maps to ["WRITE", "ALLOC"], but I don't have an exhaustive mapping + type: "PROGBITS" + }, ... + ] +} + +// PE example + +{ + file.pe.sections: [ + { + name: ".data", + physical_size: 2542592, + virtual_address: "0x2DE000", + virtual_size: 2579264, + flags: ["rw"], // Again, this is how VT presents it. Likely maps to ["MEM_READ", "MEM_WRITE"], but I don't have an exhaustive mapping + entropy: 6.83, + chi2: 13360996, + hash: { + md5: "9002a963c87901397a986c3333d09627" + } + }, ... + ] +} diff --git a/x-pack/filebeat/modules.d/virustotal.yml.disabled b/x-pack/filebeat/modules.d/virustotal.yml.disabled new file mode 100644 index 00000000000..31b57f31fc2 --- /dev/null +++ b/x-pack/filebeat/modules.d/virustotal.yml.disabled @@ -0,0 +1,11 @@ +# Module: virustotal +# Docs: https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-module-virustotal.html + +- module: virustotal + # All logs + livehunt: + enabled: true + # Set the VirusTotal private API key + var.apikey: "" + # Set retrieval limit, maximum 40, default 10 + var.limit: 10 diff --git a/x-pack/filebeat/tests/virustotal/livehunt-sample.ndjson b/x-pack/filebeat/tests/virustotal/livehunt-sample.ndjson new file mode 100644 index 00000000000..6506c6ff8ea --- /dev/null +++ b/x-pack/filebeat/tests/virustotal/livehunt-sample.ndjson @@ -0,0 +1,25 @@ +{"attributes":{"authentihash":"14d4dbf45b66ba128ed3c6c6a54d48c3d2d913dd30641b426298b1430bc2667b","capabilities_tags":["win_registry","keylogger","screenshot","win_files_operation"],"creation_date":1601030449,"downloadable":true,"exiftool":{"CharacterSet":"Windows, Latin1","CodeSize":"237568","CompanyName":"TODO: \u003cCompany name\u003e","EntryPoint":"0xdec3","FileDescription":"TODO: \u003cFile description\u003e","FileFlagsMask":"0x003f","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"1.0.0.1","FileVersionNumber":"1.0.0.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"208896","InternalName":"WebPageSnapShot.exe","LanguageCode":"English (U.S.)","LegalCopyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","LinkerVersion":"7.1","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","OriginalFileName":"WebPageSnapShot.exe","PEType":"PE32","ProductName":"TODO: \u003cProduct name\u003e","ProductVersion":"1.0.0.1","ProductVersionNumber":"1.0.0.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2020:09:25 10:40:49+00:00","UninitializedDataSize":"0"},"first_submission_date":1601042407,"last_analysis_date":1601755449,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.Agent.Emotet"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43958861"},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.Emotet.L!c"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C4199919"},"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Emotet.5ef36210"},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Banker]/Win32.Emotet"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29EC24D"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AD.Emotet.ukflj"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43958861"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.EmotetNTR.Trojan"},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Exar-9769617-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 85)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Emotet.EJVS-5757"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader34.53409"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Emotet.CB"},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Emotet (A)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AD.Emotet.ukflj"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Emotet.1029!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Banker.Agent"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/Generic-R + Troj/Emotet-CPH"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Banker.Emotet.org"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=89)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.MalPack.TRE"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.11417434.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Emotet-FSF!EC15B8B7253B"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Emotet.gh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Emotet!rfn"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Emotet.hwqnvg"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Generic/Trojan.45c"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Kryptik!1.CC98 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Emotet-CPH"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Emotet"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"malicious","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":"Trojan/W32.Agent.434176.YJ"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.Trojan.Zenpak"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"malicious","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":"Trojan.Win32.Z.Emoteto.434176.FR"},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Emotet.Win32.32298"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":18},"last_modification_date":1601755671,"last_submission_date":1601042407,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"796868e8aa9a88ac","raw_md5":"8297bdd48159ad5678ffab8174e1760c"},"md5":"ec15b8b7253bc4f9f838fc2f36915c49","meaningful_name":"WebPageSnapShot.exe","names":["WebPageSnapShot.exe","emotet_exe_e1_2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca_2020-09-25__140003.exe_20200925_104049+0000"],"packers":{"PEiD":"Microsoft Visual C++ v7.0"},"pe_info":{"compiler_product_versions":["id: 95, version: 2179 count=13","id: 25, version: 9210 count=6","id: 93, version: 2067 count=2","id: 93, version: 2179 count=19","[---] Unmarked objects count=582","[ASM] VS2003 (.NET) build 3077 count=25","[ C ] VS2003 (.NET) build 3077 count=144","[C++] VS2003 (.NET) build 3077 count=128","[EXP] VS2003 (.NET) build 3077 count=1","[RES] VS2003 (.NET) build 3052 count=1","[LNK] VS2003 (.NET) build 3077 count=1"],"debug":[{"codeview":{"age":1,"guid":"453e9215-df98-4201-b93c-0aa2bc59d2f5","name":"c:\\Users\\Dodo\\Downloads\\WebPageSnapShot\\Release\\WebPageSnapShot.pdb","signature":"RSDS"},"offset":278968,"size":92,"timestamp":"Fri Sep 25 10:40:49 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"}],"entry_point":57027,"exports":["y6ithgrhhytt"],"imphash":"8c471737d4ce5b46ac449fd535d18851","import_list":[{"imported_functions":["CommDlgExtendedError","GetSaveFileNameW","PrintDlgW","GetFileTitleW","GetOpenFileNameW"],"library_name":"comdlg32.dll"},{"imported_functions":["ImageList_Draw","Ord(17)","ImageList_GetImageInfo","ImageList_Destroy"],"library_name":"COMCTL32.dll"},{"imported_functions":["ClosePrinter","DocumentPropertiesW","OpenPrinterW"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["GetTextMetricsW","SetMapMode","TextOutW","CreateFontIndirectW","SetBkMode","PatBlt","GetRgnBox","SaveDC","CreateRectRgnIndirect","LPtoDP","CombineRgn","GetClipBox","GetWindowExtEx","GetPixel","GetDeviceCaps","ExcludeClipRect","OffsetViewportOrgEx","DeleteDC","RestoreDC","GetMapMode","CreateBitmap","SelectObject","DeleteObject","IntersectClipRect","BitBlt","SetTextColor","CreatePatternBrush","ExtTextOutW","GetObjectW","CreateEllipticRgn","GetTextExtentPoint32W","RectVisible","GetStockObject","SetViewportOrgEx","ScaleWindowExtEx","SetBkColor","PtVisible","ExtSelectClipRgn","SelectClipRgn","CreateCompatibleDC","ScaleViewportExtEx","CreateRectRgn","GetBkColor","Ellipse","CreateCompatibleBitmap","SetWindowExtEx","GetTextColor","CreateSolidBrush","Escape","GetViewportExtEx","SetViewportExtEx","SetRectRgn"],"library_name":"GDI32.dll"},{"imported_functions":["RegCreateKeyExW","RegDeleteValueW","GetFileSecurityW","RegCloseKey","RegEnumKeyW","RegSetValueExW","RegOpenKeyExW","RegCreateKeyW","RegOpenKeyW","RegDeleteKeyW","RegSetValueW","SetFileSecurityW","RegQueryValueExW","RegQueryValueW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetStdHandle","FileTimeToSystemTime","HeapDestroy","GetFileAttributesW","lstrcmpW","FreeEnvironmentStringsA","DeleteCriticalSection","GetCurrentProcess","GetLocaleInfoA","LocalAlloc","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","lstrcatW","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","LoadLibraryW","GetStringTypeA","GetDiskFreeSpaceW","InterlockedExchange","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","LocalFree","FormatMessageW","InitializeCriticalSection","LoadResource","GetStringTypeExW","FindClose","TlsGetValue","MoveFileW","GetFullPathNameW","GetCurrentThread","SetLastError","GlobalFindAtomW","GetModuleFileNameW","ExitProcess","GetVersionExA","GetModuleFileNameA","GlobalHandle","LoadLibraryA","EnumResourceLanguagesW","GetVolumeInformationW","InterlockedDecrement","MultiByteToWideChar","GetPrivateProfileStringW","GetModuleHandleA","GlobalAddAtomW","SetUnhandledExceptionFilter","ConvertDefaultLocale","MulDiv","SetEnvironmentVariableA","TerminateProcess","GetVersion","VirtualQuery","LocalFileTimeToFileTime","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","HeapFree","EnterCriticalSection","SetHandleCount","lstrcmpiA","GlobalGetAtomNameW","GetVersionExW","GetOEMCP","QueryPerformanceCounter","GetTickCount","IsBadWritePtr","TlsAlloc","VirtualProtect","FlushFileBuffers","lstrcmpiW","RtlUnwind","GetStartupInfoA","UnlockFile","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","DeleteFileW","GlobalLock","GetPrivateProfileIntW","GetTempFileNameW","CompareStringW","lstrcpyW","GlobalReAlloc","lstrcmpA","CompareStringA","FindFirstFileW","DuplicateHandle","GetProcAddress","GlobalAlloc","GetTimeZoneInformation","CreateFileW","GetFileType","TlsSetValue","HeapAlloc","LeaveCriticalSection","GetLastError","LocalReAlloc","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","GetSystemInfo","lstrlenA","GlobalFree","LCMapStringA","GetThreadLocale","GetEnvironmentStringsW","GlobalUnlock","LockFile","lstrlenW","FileTimeToLocalFileTime","GetEnvironmentStrings","GetCurrentDirectoryW","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","WideCharToMultiByte","HeapSize","GetCommandLineA","WritePrivateProfileStringW","lstrcpynW","RaiseException","TlsFree","SetFilePointer","ReadFile","GlobalFlags","CloseHandle","GetACP","GetModuleHandleW","FreeResource","SizeofResource","HeapCreate","FindResourceW","VirtualFree","IsBadReadPtr","IsBadCodePtr","VirtualAlloc"],"library_name":"KERNEL32.dll"},{"imported_functions":["GdipCreateBitmapFromScan0","GdiplusShutdown","GdipGetImageEncodersSize","GdipGetImageEncoders","GdipFree","GdipGetDC","GdipCloneImage","GdipAlloc","GdipDisposeImage","GdipSaveImageToFile","GdipReleaseDC","GdipGetImageGraphicsContext","GdipDeleteGraphics","GdiplusStartup"],"library_name":"gdiplus.dll"},{"imported_functions":["OleCreateFontIndirect","SafeArrayAccessData","SafeArrayGetLBound","SafeArrayGetUBound","SystemTimeToVariantTime","SysAllocStringLen","SafeArrayUnaccessData","VariantChangeType","VariantClear","SysAllocString","SafeArrayDestroy","SafeArrayCreate","VariantCopy","VariantInit","SafeArrayGetElemsize","SafeArrayGetDim","SysFreeString","SysStringLen"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","DragFinish","SHGetFileInfoW","ExtractIconW"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoTaskMemFree","CoTaskMemAlloc","StgCreateDocfileOnILockBytes","OleFlushClipboard","CoGetClassObject","CLSIDFromProgID","CoRevokeClassObject","CoFreeUnusedLibraries","CoRegisterMessageFilter","StgOpenStorageOnILockBytes","OleIsCurrentClipboard","CLSIDFromString","CreateILockBytesOnHGlobal","OleInitialize"],"library_name":"ole32.dll"},{"imported_functions":["PathIsUNCW","PathStripToRootW","PathFindExtensionW","PathFindFileNameW"],"library_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","GetForegroundWindow","SetWindowRgn","SetMenuItemBitmaps","LoadBitmapW","SetRectEmpty","DestroyMenu","PostQuitMessage","GetMessagePos","SetWindowPos","GetNextDlgTabItem","IsWindow","GrayStringW","EndPaint","WindowFromPoint","IntersectRect","CopyRect","GetMessageTime","SetActiveWindow","DispatchMessageW","GetCursorPos","MapDialogRect","GetDlgCtrlID","GetMenu","UnregisterClassW","GetClientRect","DrawTextW","SetScrollPos","CallNextHookEx","GetTopWindow","GetWindowTextW","CopyAcceleratorTableW","GetWindowTextLengthW","LoadAcceleratorsW","ScrollWindow","InvalidateRgn","GetMenuItemID","DestroyWindow","GetClassInfoExW","UpdateWindow","GetPropW","EqualRect","GetMessageW","ShowWindow","GetNextDlgGroupItem","SetPropW","ValidateRect","PeekMessageW","InsertMenuItemW","CharUpperW","LoadIconW","EnableWindow","TranslateMessage","IsWindowEnabled","GetWindow","SetParent","RegisterClassW","IsZoomed","GetWindowPlacement","EnableMenuItem","GetSubMenu","SetTimer","GetActiveWindow","IsDialogMessageW","FillRect","SetWindowContextHelpId","GetSysColorBrush","GetClassInfoW","CreateWindowExW","TabbedTextOutW","GetWindowLongW","GetMenuItemInfoW","IsChild","MapWindowPoints","RegisterWindowMessageW","ReleaseCapture","IsIconic","BeginPaint","OffsetRect","DefWindowProcW","GetScrollPos","KillTimer","TranslateAcceleratorW","GetParent","SendDlgItemMessageA","GetSystemMetrics","SetWindowLongW","SetScrollRange","GetWindowRect","InflateRect","SetCapture","DrawIcon","GetScrollRange","ShowOwnedPopups","SendDlgItemMessageW","PostMessageW","GetScrollInfo","CreatePopupMenu","CheckMenuItem","GetClassLongW","GetLastActivePopup","PtInRect","SetWindowTextW","GetDCEx","GetDlgItem","RemovePropW","BringWindowToTop","ClientToScreen","TrackPopupMenu","PostThreadMessageW","GetMenuItemCount","GetMenuState","SetWindowsHookExW","LoadCursorW","GetSystemMenu","ReuseDDElParam","GetDC","InsertMenuW","SetForegroundWindow","GetMenuStringW","CreateDialogIndirectParamW","ReleaseDC","DrawTextExW","EndDialog","FindWindowW","GetCapture","ScreenToClient","MessageBeep","LoadMenuW","DeferWindowPos","BeginDeferWindowPos","MessageBoxW","SendMessageW","LockWindowUpdate","UnhookWindowsHookEx","MoveWindow","AppendMenuW","GetWindowDC","AdjustWindowRectEx","GetSysColor","RegisterClipboardFormatW","SetScrollInfo","GetKeyState","EndDeferWindowPos","SystemParametersInfoA","DestroyIcon","ShowScrollBar","WinHelpW","GetDesktopWindow","UnpackDDElParam","SystemParametersInfoW","SetRect","DeleteMenu","InvalidateRect","CharNextW","CallWindowProcW","GetClassNameW","ModifyMenuW","IsRectEmpty","GetFocus","wsprintfW","IsWindowVisible","SetCursor","SetMenu","GetMenuCheckMarkDimensions"],"library_name":"USER32.dll"},{"imported_functions":["OleUIBusyW"],"library_name":"oledlg.dll"}],"machine_type":332,"resource_details":[{"chi2":20527.75,"entropy":3.026951551437378,"filetype":"Data","lang":"ENGLISH US","sha256":"fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867","type":"RT_CURSOR"},{"chi2":18573.416015625,"entropy":2.7427444458007812,"filetype":"Data","lang":"ENGLISH US","sha256":"f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3","type":"RT_CURSOR"},{"chi2":25932.00390625,"entropy":2.3403780460357666,"filetype":"Data","lang":"ENGLISH US","sha256":"652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72","type":"RT_CURSOR"},{"chi2":25714.23828125,"entropy":2.3400356769561768,"filetype":"Data","lang":"ENGLISH US","sha256":"0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee","type":"RT_CURSOR"},{"chi2":23739.37109375,"entropy":2.5164902210235596,"filetype":"Data","lang":"ENGLISH US","sha256":"368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169","type":"RT_CURSOR"},{"chi2":24244.720703125,"entropy":2.4540092945098877,"filetype":"Data","lang":"ENGLISH US","sha256":"6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152","type":"RT_CURSOR"},{"chi2":26435.69921875,"entropy":2.345054864883423,"filetype":"Data","lang":"ENGLISH US","sha256":"322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62","type":"RT_CURSOR"},{"chi2":26837.984375,"entropy":2.3111374378204346,"filetype":"Data","lang":"ENGLISH US","sha256":"f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f","type":"RT_CURSOR"},{"chi2":16714.326171875,"entropy":3.3360934257507324,"filetype":"Data","lang":"ENGLISH US","sha256":"601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da","type":"RT_CURSOR"},{"chi2":20248.46484375,"entropy":2.8131332397460938,"filetype":"Data","lang":"ENGLISH US","sha256":"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6","type":"RT_CURSOR"},{"chi2":11233.6103515625,"entropy":3.8149096965789795,"filetype":"Data","lang":"ENGLISH US","sha256":"cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396","type":"RT_CURSOR"},{"chi2":30411.99609375,"entropy":2.1001555919647217,"filetype":"Data","lang":"ENGLISH US","sha256":"c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26","type":"RT_CURSOR"},{"chi2":31043.689453125,"entropy":1.9705222845077515,"filetype":"Data","lang":"ENGLISH US","sha256":"f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0","type":"RT_CURSOR"},{"chi2":28832.78125,"entropy":2.2269911766052246,"filetype":"Data","lang":"ENGLISH US","sha256":"ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c","type":"RT_CURSOR"},{"chi2":24239.744140625,"entropy":2.576014280319214,"filetype":"Data","lang":"ENGLISH US","sha256":"2ce101084b7ecfb1f17b45ff88970e8e54d1e0573ef2abc638842ffa96354818","type":"RT_CURSOR"},{"chi2":18323.111328125,"entropy":2.5794191360473633,"filetype":"Data","lang":"ENGLISH US","sha256":"1aacce915559956f84c4f9a515782c2bb20c5c8a4a6d3eee95281c88b111c6af","type":"RT_CURSOR"},{"chi2":48765.53515625,"entropy":3.2981557846069336,"filetype":"Data","lang":"ENGLISH US","sha256":"dc48270379b64c2ca1a770f8607a9d69da27c29408f94bd7ba9bc4eb720f8f4f","type":"RT_BITMAP"},{"chi2":15874.4365234375,"entropy":2.236664295196533,"filetype":"Data","lang":"ENGLISH US","sha256":"e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272","type":"RT_BITMAP"},{"chi2":15870.369140625,"entropy":2.876206636428833,"filetype":"Data","lang":"ENGLISH US","sha256":"abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864","type":"RT_BITMAP"},{"chi2":44545.5234375,"entropy":3.67057204246521,"filetype":"Data","lang":"ENGLISH US","sha256":"bc94fa498e4e17b8a4ad8fa141acb3bf406c8ab4ed206bd2c4828de18fca5788","type":"RT_ICON"},{"chi2":17381.76171875,"entropy":3.889598846435547,"filetype":"Data","lang":"ENGLISH US","sha256":"47a37646e78ec1064f9977c5b91d75aec3bd9098366ae87892d983106ae3562f","type":"RT_ICON"},{"chi2":8497.9462890625,"entropy":3.8129916191101074,"filetype":"Data","lang":"ENGLISH US","sha256":"080c4d4ab8f4317ecc301d95aa9379c68fad84193e8d68ec58496dd75bb499ac","type":"RT_ICON"},{"chi2":63842.53125,"entropy":6.1152777671813965,"filetype":"Data","lang":"ENGLISH US","sha256":"71bc1949037ec9a5e452fe45d17847f915e8d4fe0fc7c93f04afc4b9fa2c8d21","type":"RT_ICON"},{"chi2":25177.41015625,"entropy":6.58289909362793,"filetype":"Data","lang":"ENGLISH US","sha256":"eec825f93e23d78c07d473a2943d0ac57fe1273ad168ade77b1d8de51e14ccf7","type":"RT_ICON"},{"chi2":76219.4453125,"entropy":4.95505952835083,"filetype":"Data","lang":"ENGLISH US","sha256":"011d67957189e0bb29affb0bb35477905a267e38658e853c22f1efe2a61ac6af","type":"RT_ICON"},{"chi2":241559.140625,"entropy":5.70783805847168,"filetype":"Data","lang":"ENGLISH US","sha256":"df70c108c86ed1fa5f54b7bc083931939ab218b53a9034097ed8b52ad99d2abb","type":"RT_ICON"},{"chi2":77506.40625,"entropy":6.079914569854736,"filetype":"Data","lang":"ENGLISH US","sha256":"e97c1ce2d253cfd656eb21a51ade6557791d6b6aef90c2622dc6591f7a773425","type":"RT_ICON"},{"chi2":15272.4599609375,"entropy":6.276120662689209,"filetype":"Data","lang":"ENGLISH US","sha256":"f7cde5b945fda1f6c8843cd5bc5c645cc52055db42d6087f0dd98407417a5a0c","type":"RT_ICON"},{"chi2":54967.65625,"entropy":2.402796745300293,"filetype":"Data","lang":"ENGLISH US","sha256":"c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d","type":"RT_ICON"},{"chi2":21908.541015625,"entropy":2.688976764678955,"filetype":"Data","lang":"ENGLISH US","sha256":"3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9","type":"RT_ICON"},{"chi2":10858.50390625,"entropy":3.258249282836914,"filetype":"Data","lang":"ENGLISH US","sha256":"58117f69794eb7326b592c707478da0c85037d18336c8cf74fd6027cc591c6c4","type":"RT_MENU"},{"chi2":28212.564453125,"entropy":3.2103006839752197,"filetype":"Data","lang":"ENGLISH US","sha256":"f027cb7d29204d8fdab99cf4d645740725756b15a0d620150512052681bbfc62","type":"RT_DIALOG"},{"chi2":20085.009765625,"entropy":2.9993276596069336,"filetype":"Data","lang":"ENGLISH US","sha256":"5c2b9a32381ad093880dea4e120d02a5603246b2bb8f72f72d941870bf474b54","type":"RT_DIALOG"},{"chi2":20890.2109375,"entropy":3.0667619705200195,"filetype":"Data","lang":"ENGLISH US","sha256":"6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3","type":"RT_DIALOG"},{"chi2":36546.46484375,"entropy":3.0239272117614746,"filetype":"Data","lang":"ENGLISH US","sha256":"d97074d6be54221f0bdf28201f1af0ac9f0895a4a5ad47899dc49654f798ac71","type":"RT_DIALOG"},{"chi2":29344.0859375,"entropy":3.1261675357818604,"filetype":"Data","lang":"ENGLISH US","sha256":"2f82e22a5c0ceffe9aa5045eeb144db05b1a4bf1485020800ead187e4e216af5","type":"RT_DIALOG"},{"chi2":17353.91796875,"entropy":2.7014076709747314,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1446a9292f5317240a61493f37d6b1835b48d2624c64b4402aa36784d3e099bd","type":"RT_STRING"},{"chi2":8944.890625,"entropy":2.0907223224639893,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"a7c1353bc3456cd46938e997c4f8e8ec9e850401b9b8d4d7946eb1065cc8ad2f","type":"RT_STRING"},{"chi2":42103.48828125,"entropy":3.12620210647583,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8f65722495e9c0476c52c3b71906b0ec544052a4591b4616430a3baa88157cf5","type":"RT_STRING"},{"chi2":41214.3046875,"entropy":2.9134371280670166,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"3205d9d8683ecd9998428a442a3b721cc7d7ce8d4e4c31063f02d99791dc28d0","type":"RT_STRING"},{"chi2":55396.02734375,"entropy":3.199612617492676,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"fc3f6f769e88ce894bba9f4078aaea4a47db8284f3fafb6ff844f8a5406feaba","type":"RT_STRING"},{"chi2":11705.1435546875,"entropy":2.3812334537506104,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"51e46939a67865d6b8ac14859e035fb360773e494243ba263a65b8ec06944ea2","type":"RT_STRING"},{"chi2":21027.025390625,"entropy":2.9904301166534424,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"5b8e0bfb7c789c6bfdc4be2af9f36346c0e41e7ad22c8edcc661af0e8b53dbd2","type":"RT_STRING"},{"chi2":18246.87890625,"entropy":2.8355727195739746,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"f4d2054bad5a30d07ffde08fafdf7a0deed4e343526816a67ecbbd068b84ad81","type":"RT_STRING"},{"chi2":7551.48583984375,"entropy":2.2685282230377197,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d","type":"RT_STRING"},{"chi2":16961.759765625,"entropy":2.74092960357666,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8b64c7b314ec82b8d9a5584bca52110faf36ffa86317f2e98957a8665fe97a68","type":"RT_STRING"},{"chi2":36189.33203125,"entropy":3.0477657318115234,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0cce65df387f67147c75ac921bc6512fb5fc8dc86d3a60a2e0c2ba2d4845539b","type":"RT_STRING"},{"chi2":12769.16015625,"entropy":2.62539005279541,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"934c6ae73724aa444c9e02c81312cec0d60006e496e65664eb5069e1378e6cee","type":"RT_STRING"},{"chi2":16399.99609375,"entropy":3.0806007385253906,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"63213f70560632ae4ca4876817064d870fe9a346b64d3cf2f4ea4c1be85aa298","type":"RT_STRING"},{"chi2":7893.99951171875,"entropy":0.9609531760215759,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4","type":"RT_STRING"},{"chi2":29366.591796875,"entropy":3.085610866546631,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"66f1747ba4c17f6fca44818ed98445f01645651c120e72f558245e2df6949d35","type":"RT_STRING"},{"chi2":20694.751953125,"entropy":3.297224998474121,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"407683a58c05c1e2644e8b26cd7dc488186c786ec8f23362aa1215157755a5f2","type":"RT_STRING"},{"chi2":83957,"entropy":3.261389970779419,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"d036e1af5639fb867f5035330e81788bbc24eff762610e3f6bba5d78903a845a","type":"RT_STRING"},{"chi2":55449.9140625,"entropy":3.02530837059021,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c054645d86387fd491743027e6c2284d6a7262f6aced9321cbc1465cef2b6b1f","type":"RT_STRING"},{"chi2":51396.890625,"entropy":3.1699700355529785,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c1bc5318a82ea1a1809618040026851947f6aa5171d904a9e60966f4551ca1a3","type":"RT_STRING"},{"chi2":12962.5224609375,"entropy":2.7108659744262695,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be","type":"RT_STRING"},{"chi2":15271.3427734375,"entropy":2.6390249729156494,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8","type":"RT_STRING"},{"chi2":18244.58984375,"entropy":2.878065586090088,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc","type":"RT_STRING"},{"chi2":81938.0390625,"entropy":3.2325892448425293,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"36db380991291cac5c99e42332efda20210f63985544d95e8fa6ef85bf2bdf8e","type":"RT_STRING"},{"chi2":43175.703125,"entropy":3.0946567058563232,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"7f51554313c6765ba649783a942064cdfe6f5a70248a6f56840f71969f87ced0","type":"RT_STRING"},{"chi2":7961.8193359375,"entropy":1.0787549018859863,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95","type":"RT_STRING"},{"chi2":8288.9111328125,"entropy":1.959641933441162,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212","type":"RT_STRING"},{"chi2":8061.71533203125,"entropy":2.9474713802337646,"filetype":"Data","lang":"ENGLISH US","sha256":"6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a","type":"RT_ACCELERATOR"},{"chi2":2023.999755859375,"entropy":2.184317111968994,"filetype":"Data","lang":"ENGLISH US","sha256":"ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785","type":"RT_ACCELERATOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"e6854ff594bf0bbca42b4ae0894dc26e19429b08f5e577e1cfac899c1722ad39","type":"RT_GROUP_CURSOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"a6a82549bab9012b198a727d469aaa464b98e7fc247ab8a85bf16cacdfab4802","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"60a0a8bc0169228c8af42c377d93a218ccc9712a17b76ef014f81e156a36c66f","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b077d477d0775d0b86be9bedee8ec134bdc213d6941e9ae60adcf8bdd18623cc","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"90b143ec83ef48639ea48969a1d0850aa14b573b48dadef87e4230e42bdb5971","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba","type":"RT_GROUP_CURSOR"},{"chi2":8583.6376953125,"entropy":3.0013043880462646,"filetype":"Data","lang":"ENGLISH US","sha256":"8852374fd48240e910182f0fcb091ed5d81ad36a024abdaaf483b8d09c599a9e","type":"RT_GROUP_ICON"},{"chi2":2254.94091796875,"entropy":2.5580508708953857,"filetype":"Data","lang":"ENGLISH US","sha256":"55d2b7489ae3e0ec0a6fb0755d92983c2ee6d333d66a937881c107a694c088c2","type":"RT_GROUP_ICON"},{"chi2":66921.40625,"entropy":3.420238733291626,"filetype":"Data","lang":"ENGLISH US","sha256":"493e13ed9d1be00fbec94c351e364ff221cee62df92323f19a914edf3813c172","type":"RT_VERSION"},{"chi2":1416.5716552734375,"entropy":2.8598792552948,"filetype":"Data","lang":"ENGLISH US","sha256":"4a9ddd567a13d9d147d000cc776815a583857849927d8fd91b8a4d73c9a5433d","type":"Struct(241)"},{"chi2":1003.6127319335938,"entropy":7.988063812255859,"filetype":"Data","lang":"ENGLISH US","sha256":"96be696b5d4f4497eb61228542fb581cc0b39f25ffdf45b31108a67c06743da7","type":"Struct(1687)"}],"resource_langs":{"ENGLISH US":87},"resource_types":{"RT_ACCELERATOR":2,"RT_BITMAP":3,"RT_CURSOR":18,"RT_DIALOG":5,"RT_GROUP_CURSOR":16,"RT_GROUP_ICON":2,"RT_ICON":11,"RT_MENU":1,"RT_STRING":26,"RT_VERSION":1,"Struct(1687)":1,"Struct(241)":1},"rich_pe_header_hash":"77c45911f57e2974050c9f737e3771e9","sections":[{"chi2":1366774.75,"entropy":6.55,"flags":"rx","md5":"515a0b066b025e46b41b827eae903cbe","name":".text","raw_size":237568,"virtual_address":4096,"virtual_size":235059},{"chi2":3440810.75,"entropy":4.86,"flags":"r","md5":"814659d1dacc9eea43dbd7e8b2a892bd","name":".rdata","raw_size":69632,"virtual_address":241664,"virtual_size":68819},{"chi2":974842.25,"entropy":3.8,"flags":"rw","md5":"5fe8041aa74d3a9055516a4dbca0dd59","name":".data","raw_size":12288,"virtual_address":311296,"virtual_size":25044},{"chi2":1215250.88,"entropy":6.96,"flags":"r","md5":"b1fdb32dea84a0258e2f877f1ace347c","name":".rsrc","raw_size":110592,"virtual_address":339968,"virtual_size":107536}],"timestamp":1601030449},"reputation":0,"sha1":"5dce34edac03c3fe6236e36a7afce5061ee7d9f1","sha256":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","signature_info":{"copyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","description":"TODO: \u003cFile description\u003e","file version":"1.0.0.1","internal name":"WebPageSnapShot.exe","original name":"WebPageSnapShot.exe","product":"TODO: \u003cProduct name\u003e"},"size":434176,"ssdeep":"6144:4abhDkzV+z3ItUUiCFYcK/7X0XfGkDmrDI3A4KFzq+EP78YaAy2+1Oo:4YhozVKIixT7XFPc31ixEP7Z","tags":["peexe"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"InstallShield setup","probability":40},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":29},{"file_type":"Win16 NE executable (generic)","probability":13},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.1},{"file_type":"Win32 Executable (generic)","probability":4.1}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"045046655d1560e040500340098zf125z40400a5ez1"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596582889184556-4642050303721472-24cddc642cf7fb7fc7defd0197671a4a","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["function_capabilities","iswindowminimized","2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"],"rule_name":"IsWindowMinimized","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","links":{"self":"https://www.virustotal.com/api/v3/files/2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596605914341828-4642050303721472-061b4792d0612137b3580832cc6ba7ba","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","isdebuggerpresent"],"rule_name":"IsDebuggerPresent","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"14d4dbf45b66ba128ed3c6c6a54d48c3d2d913dd30641b426298b1430bc2667b","capabilities_tags":["win_registry","keylogger","screenshot","win_files_operation"],"creation_date":1601030449,"downloadable":true,"exiftool":{"CharacterSet":"Windows, Latin1","CodeSize":"237568","CompanyName":"TODO: \u003cCompany name\u003e","EntryPoint":"0xdec3","FileDescription":"TODO: \u003cFile description\u003e","FileFlagsMask":"0x003f","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"1.0.0.1","FileVersionNumber":"1.0.0.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"208896","InternalName":"WebPageSnapShot.exe","LanguageCode":"English (U.S.)","LegalCopyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","LinkerVersion":"7.1","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","OriginalFileName":"WebPageSnapShot.exe","PEType":"PE32","ProductName":"TODO: \u003cProduct name\u003e","ProductVersion":"1.0.0.1","ProductVersionNumber":"1.0.0.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2020:09:25 10:40:49+00:00","UninitializedDataSize":"0"},"first_submission_date":1601042407,"last_analysis_date":1601755449,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.Agent.Emotet"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43958861"},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.Emotet.L!c"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C4199919"},"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Emotet.5ef36210"},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Banker]/Win32.Emotet"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29EC24D"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AD.Emotet.ukflj"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43958861"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.EmotetNTR.Trojan"},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Exar-9769617-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 85)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Emotet.EJVS-5757"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader34.53409"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Emotet.CB"},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Emotet (A)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AD.Emotet.ukflj"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Emotet.1029!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Banker.Agent"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/Generic-R + Troj/Emotet-CPH"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Banker.Emotet.org"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=89)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.MalPack.TRE"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.11417434.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Emotet-FSF!EC15B8B7253B"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Emotet.gh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Emotet!rfn"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Emotet.hwqnvg"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Generic/Trojan.45c"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Kryptik!1.CC98 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Emotet-CPH"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Emotet"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"malicious","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":"Trojan/W32.Agent.434176.YJ"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.Trojan.Zenpak"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"malicious","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":"Trojan.Win32.Z.Emoteto.434176.FR"},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Emotet.Win32.32298"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":18},"last_modification_date":1601755671,"last_submission_date":1601042407,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"796868e8aa9a88ac","raw_md5":"8297bdd48159ad5678ffab8174e1760c"},"md5":"ec15b8b7253bc4f9f838fc2f36915c49","meaningful_name":"WebPageSnapShot.exe","names":["WebPageSnapShot.exe","emotet_exe_e1_2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca_2020-09-25__140003.exe_20200925_104049+0000"],"packers":{"PEiD":"Microsoft Visual C++ v7.0"},"pe_info":{"compiler_product_versions":["id: 95, version: 2179 count=13","id: 25, version: 9210 count=6","id: 93, version: 2067 count=2","id: 93, version: 2179 count=19","[---] Unmarked objects count=582","[ASM] VS2003 (.NET) build 3077 count=25","[ C ] VS2003 (.NET) build 3077 count=144","[C++] VS2003 (.NET) build 3077 count=128","[EXP] VS2003 (.NET) build 3077 count=1","[RES] VS2003 (.NET) build 3052 count=1","[LNK] VS2003 (.NET) build 3077 count=1"],"debug":[{"codeview":{"age":1,"guid":"453e9215-df98-4201-b93c-0aa2bc59d2f5","name":"c:\\Users\\Dodo\\Downloads\\WebPageSnapShot\\Release\\WebPageSnapShot.pdb","signature":"RSDS"},"offset":278968,"size":92,"timestamp":"Fri Sep 25 10:40:49 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"}],"entry_point":57027,"exports":["y6ithgrhhytt"],"imphash":"8c471737d4ce5b46ac449fd535d18851","import_list":[{"imported_functions":["CommDlgExtendedError","GetSaveFileNameW","PrintDlgW","GetFileTitleW","GetOpenFileNameW"],"library_name":"comdlg32.dll"},{"imported_functions":["ImageList_Draw","Ord(17)","ImageList_GetImageInfo","ImageList_Destroy"],"library_name":"COMCTL32.dll"},{"imported_functions":["ClosePrinter","DocumentPropertiesW","OpenPrinterW"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["GetTextMetricsW","SetMapMode","TextOutW","CreateFontIndirectW","SetBkMode","PatBlt","GetRgnBox","SaveDC","CreateRectRgnIndirect","LPtoDP","CombineRgn","GetClipBox","GetWindowExtEx","GetPixel","GetDeviceCaps","ExcludeClipRect","OffsetViewportOrgEx","DeleteDC","RestoreDC","GetMapMode","CreateBitmap","SelectObject","DeleteObject","IntersectClipRect","BitBlt","SetTextColor","CreatePatternBrush","ExtTextOutW","GetObjectW","CreateEllipticRgn","GetTextExtentPoint32W","RectVisible","GetStockObject","SetViewportOrgEx","ScaleWindowExtEx","SetBkColor","PtVisible","ExtSelectClipRgn","SelectClipRgn","CreateCompatibleDC","ScaleViewportExtEx","CreateRectRgn","GetBkColor","Ellipse","CreateCompatibleBitmap","SetWindowExtEx","GetTextColor","CreateSolidBrush","Escape","GetViewportExtEx","SetViewportExtEx","SetRectRgn"],"library_name":"GDI32.dll"},{"imported_functions":["RegCreateKeyExW","RegDeleteValueW","GetFileSecurityW","RegCloseKey","RegEnumKeyW","RegSetValueExW","RegOpenKeyExW","RegCreateKeyW","RegOpenKeyW","RegDeleteKeyW","RegSetValueW","SetFileSecurityW","RegQueryValueExW","RegQueryValueW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetStdHandle","FileTimeToSystemTime","HeapDestroy","GetFileAttributesW","lstrcmpW","FreeEnvironmentStringsA","DeleteCriticalSection","GetCurrentProcess","GetLocaleInfoA","LocalAlloc","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","lstrcatW","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","LoadLibraryW","GetStringTypeA","GetDiskFreeSpaceW","InterlockedExchange","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","LocalFree","FormatMessageW","InitializeCriticalSection","LoadResource","GetStringTypeExW","FindClose","TlsGetValue","MoveFileW","GetFullPathNameW","GetCurrentThread","SetLastError","GlobalFindAtomW","GetModuleFileNameW","ExitProcess","GetVersionExA","GetModuleFileNameA","GlobalHandle","LoadLibraryA","EnumResourceLanguagesW","GetVolumeInformationW","InterlockedDecrement","MultiByteToWideChar","GetPrivateProfileStringW","GetModuleHandleA","GlobalAddAtomW","SetUnhandledExceptionFilter","ConvertDefaultLocale","MulDiv","SetEnvironmentVariableA","TerminateProcess","GetVersion","VirtualQuery","LocalFileTimeToFileTime","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","HeapFree","EnterCriticalSection","SetHandleCount","lstrcmpiA","GlobalGetAtomNameW","GetVersionExW","GetOEMCP","QueryPerformanceCounter","GetTickCount","IsBadWritePtr","TlsAlloc","VirtualProtect","FlushFileBuffers","lstrcmpiW","RtlUnwind","GetStartupInfoA","UnlockFile","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","DeleteFileW","GlobalLock","GetPrivateProfileIntW","GetTempFileNameW","CompareStringW","lstrcpyW","GlobalReAlloc","lstrcmpA","CompareStringA","FindFirstFileW","DuplicateHandle","GetProcAddress","GlobalAlloc","GetTimeZoneInformation","CreateFileW","GetFileType","TlsSetValue","HeapAlloc","LeaveCriticalSection","GetLastError","LocalReAlloc","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","GetSystemInfo","lstrlenA","GlobalFree","LCMapStringA","GetThreadLocale","GetEnvironmentStringsW","GlobalUnlock","LockFile","lstrlenW","FileTimeToLocalFileTime","GetEnvironmentStrings","GetCurrentDirectoryW","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","WideCharToMultiByte","HeapSize","GetCommandLineA","WritePrivateProfileStringW","lstrcpynW","RaiseException","TlsFree","SetFilePointer","ReadFile","GlobalFlags","CloseHandle","GetACP","GetModuleHandleW","FreeResource","SizeofResource","HeapCreate","FindResourceW","VirtualFree","IsBadReadPtr","IsBadCodePtr","VirtualAlloc"],"library_name":"KERNEL32.dll"},{"imported_functions":["GdipCreateBitmapFromScan0","GdiplusShutdown","GdipGetImageEncodersSize","GdipGetImageEncoders","GdipFree","GdipGetDC","GdipCloneImage","GdipAlloc","GdipDisposeImage","GdipSaveImageToFile","GdipReleaseDC","GdipGetImageGraphicsContext","GdipDeleteGraphics","GdiplusStartup"],"library_name":"gdiplus.dll"},{"imported_functions":["OleCreateFontIndirect","SafeArrayAccessData","SafeArrayGetLBound","SafeArrayGetUBound","SystemTimeToVariantTime","SysAllocStringLen","SafeArrayUnaccessData","VariantChangeType","VariantClear","SysAllocString","SafeArrayDestroy","SafeArrayCreate","VariantCopy","VariantInit","SafeArrayGetElemsize","SafeArrayGetDim","SysFreeString","SysStringLen"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","DragFinish","SHGetFileInfoW","ExtractIconW"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoTaskMemFree","CoTaskMemAlloc","StgCreateDocfileOnILockBytes","OleFlushClipboard","CoGetClassObject","CLSIDFromProgID","CoRevokeClassObject","CoFreeUnusedLibraries","CoRegisterMessageFilter","StgOpenStorageOnILockBytes","OleIsCurrentClipboard","CLSIDFromString","CreateILockBytesOnHGlobal","OleInitialize"],"library_name":"ole32.dll"},{"imported_functions":["PathIsUNCW","PathStripToRootW","PathFindExtensionW","PathFindFileNameW"],"library_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","GetForegroundWindow","SetWindowRgn","SetMenuItemBitmaps","LoadBitmapW","SetRectEmpty","DestroyMenu","PostQuitMessage","GetMessagePos","SetWindowPos","GetNextDlgTabItem","IsWindow","GrayStringW","EndPaint","WindowFromPoint","IntersectRect","CopyRect","GetMessageTime","SetActiveWindow","DispatchMessageW","GetCursorPos","MapDialogRect","GetDlgCtrlID","GetMenu","UnregisterClassW","GetClientRect","DrawTextW","SetScrollPos","CallNextHookEx","GetTopWindow","GetWindowTextW","CopyAcceleratorTableW","GetWindowTextLengthW","LoadAcceleratorsW","ScrollWindow","InvalidateRgn","GetMenuItemID","DestroyWindow","GetClassInfoExW","UpdateWindow","GetPropW","EqualRect","GetMessageW","ShowWindow","GetNextDlgGroupItem","SetPropW","ValidateRect","PeekMessageW","InsertMenuItemW","CharUpperW","LoadIconW","EnableWindow","TranslateMessage","IsWindowEnabled","GetWindow","SetParent","RegisterClassW","IsZoomed","GetWindowPlacement","EnableMenuItem","GetSubMenu","SetTimer","GetActiveWindow","IsDialogMessageW","FillRect","SetWindowContextHelpId","GetSysColorBrush","GetClassInfoW","CreateWindowExW","TabbedTextOutW","GetWindowLongW","GetMenuItemInfoW","IsChild","MapWindowPoints","RegisterWindowMessageW","ReleaseCapture","IsIconic","BeginPaint","OffsetRect","DefWindowProcW","GetScrollPos","KillTimer","TranslateAcceleratorW","GetParent","SendDlgItemMessageA","GetSystemMetrics","SetWindowLongW","SetScrollRange","GetWindowRect","InflateRect","SetCapture","DrawIcon","GetScrollRange","ShowOwnedPopups","SendDlgItemMessageW","PostMessageW","GetScrollInfo","CreatePopupMenu","CheckMenuItem","GetClassLongW","GetLastActivePopup","PtInRect","SetWindowTextW","GetDCEx","GetDlgItem","RemovePropW","BringWindowToTop","ClientToScreen","TrackPopupMenu","PostThreadMessageW","GetMenuItemCount","GetMenuState","SetWindowsHookExW","LoadCursorW","GetSystemMenu","ReuseDDElParam","GetDC","InsertMenuW","SetForegroundWindow","GetMenuStringW","CreateDialogIndirectParamW","ReleaseDC","DrawTextExW","EndDialog","FindWindowW","GetCapture","ScreenToClient","MessageBeep","LoadMenuW","DeferWindowPos","BeginDeferWindowPos","MessageBoxW","SendMessageW","LockWindowUpdate","UnhookWindowsHookEx","MoveWindow","AppendMenuW","GetWindowDC","AdjustWindowRectEx","GetSysColor","RegisterClipboardFormatW","SetScrollInfo","GetKeyState","EndDeferWindowPos","SystemParametersInfoA","DestroyIcon","ShowScrollBar","WinHelpW","GetDesktopWindow","UnpackDDElParam","SystemParametersInfoW","SetRect","DeleteMenu","InvalidateRect","CharNextW","CallWindowProcW","GetClassNameW","ModifyMenuW","IsRectEmpty","GetFocus","wsprintfW","IsWindowVisible","SetCursor","SetMenu","GetMenuCheckMarkDimensions"],"library_name":"USER32.dll"},{"imported_functions":["OleUIBusyW"],"library_name":"oledlg.dll"}],"machine_type":332,"resource_details":[{"chi2":20527.75,"entropy":3.026951551437378,"filetype":"Data","lang":"ENGLISH US","sha256":"fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867","type":"RT_CURSOR"},{"chi2":18573.416015625,"entropy":2.7427444458007812,"filetype":"Data","lang":"ENGLISH US","sha256":"f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3","type":"RT_CURSOR"},{"chi2":25932.00390625,"entropy":2.3403780460357666,"filetype":"Data","lang":"ENGLISH US","sha256":"652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72","type":"RT_CURSOR"},{"chi2":25714.23828125,"entropy":2.3400356769561768,"filetype":"Data","lang":"ENGLISH US","sha256":"0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee","type":"RT_CURSOR"},{"chi2":23739.37109375,"entropy":2.5164902210235596,"filetype":"Data","lang":"ENGLISH US","sha256":"368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169","type":"RT_CURSOR"},{"chi2":24244.720703125,"entropy":2.4540092945098877,"filetype":"Data","lang":"ENGLISH US","sha256":"6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152","type":"RT_CURSOR"},{"chi2":26435.69921875,"entropy":2.345054864883423,"filetype":"Data","lang":"ENGLISH US","sha256":"322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62","type":"RT_CURSOR"},{"chi2":26837.984375,"entropy":2.3111374378204346,"filetype":"Data","lang":"ENGLISH US","sha256":"f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f","type":"RT_CURSOR"},{"chi2":16714.326171875,"entropy":3.3360934257507324,"filetype":"Data","lang":"ENGLISH US","sha256":"601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da","type":"RT_CURSOR"},{"chi2":20248.46484375,"entropy":2.8131332397460938,"filetype":"Data","lang":"ENGLISH US","sha256":"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6","type":"RT_CURSOR"},{"chi2":11233.6103515625,"entropy":3.8149096965789795,"filetype":"Data","lang":"ENGLISH US","sha256":"cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396","type":"RT_CURSOR"},{"chi2":30411.99609375,"entropy":2.1001555919647217,"filetype":"Data","lang":"ENGLISH US","sha256":"c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26","type":"RT_CURSOR"},{"chi2":31043.689453125,"entropy":1.9705222845077515,"filetype":"Data","lang":"ENGLISH US","sha256":"f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0","type":"RT_CURSOR"},{"chi2":28832.78125,"entropy":2.2269911766052246,"filetype":"Data","lang":"ENGLISH US","sha256":"ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c","type":"RT_CURSOR"},{"chi2":24239.744140625,"entropy":2.576014280319214,"filetype":"Data","lang":"ENGLISH US","sha256":"2ce101084b7ecfb1f17b45ff88970e8e54d1e0573ef2abc638842ffa96354818","type":"RT_CURSOR"},{"chi2":18323.111328125,"entropy":2.5794191360473633,"filetype":"Data","lang":"ENGLISH US","sha256":"1aacce915559956f84c4f9a515782c2bb20c5c8a4a6d3eee95281c88b111c6af","type":"RT_CURSOR"},{"chi2":48765.53515625,"entropy":3.2981557846069336,"filetype":"Data","lang":"ENGLISH US","sha256":"dc48270379b64c2ca1a770f8607a9d69da27c29408f94bd7ba9bc4eb720f8f4f","type":"RT_BITMAP"},{"chi2":15874.4365234375,"entropy":2.236664295196533,"filetype":"Data","lang":"ENGLISH US","sha256":"e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272","type":"RT_BITMAP"},{"chi2":15870.369140625,"entropy":2.876206636428833,"filetype":"Data","lang":"ENGLISH US","sha256":"abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864","type":"RT_BITMAP"},{"chi2":44545.5234375,"entropy":3.67057204246521,"filetype":"Data","lang":"ENGLISH US","sha256":"bc94fa498e4e17b8a4ad8fa141acb3bf406c8ab4ed206bd2c4828de18fca5788","type":"RT_ICON"},{"chi2":17381.76171875,"entropy":3.889598846435547,"filetype":"Data","lang":"ENGLISH US","sha256":"47a37646e78ec1064f9977c5b91d75aec3bd9098366ae87892d983106ae3562f","type":"RT_ICON"},{"chi2":8497.9462890625,"entropy":3.8129916191101074,"filetype":"Data","lang":"ENGLISH US","sha256":"080c4d4ab8f4317ecc301d95aa9379c68fad84193e8d68ec58496dd75bb499ac","type":"RT_ICON"},{"chi2":63842.53125,"entropy":6.1152777671813965,"filetype":"Data","lang":"ENGLISH US","sha256":"71bc1949037ec9a5e452fe45d17847f915e8d4fe0fc7c93f04afc4b9fa2c8d21","type":"RT_ICON"},{"chi2":25177.41015625,"entropy":6.58289909362793,"filetype":"Data","lang":"ENGLISH US","sha256":"eec825f93e23d78c07d473a2943d0ac57fe1273ad168ade77b1d8de51e14ccf7","type":"RT_ICON"},{"chi2":76219.4453125,"entropy":4.95505952835083,"filetype":"Data","lang":"ENGLISH US","sha256":"011d67957189e0bb29affb0bb35477905a267e38658e853c22f1efe2a61ac6af","type":"RT_ICON"},{"chi2":241559.140625,"entropy":5.70783805847168,"filetype":"Data","lang":"ENGLISH US","sha256":"df70c108c86ed1fa5f54b7bc083931939ab218b53a9034097ed8b52ad99d2abb","type":"RT_ICON"},{"chi2":77506.40625,"entropy":6.079914569854736,"filetype":"Data","lang":"ENGLISH US","sha256":"e97c1ce2d253cfd656eb21a51ade6557791d6b6aef90c2622dc6591f7a773425","type":"RT_ICON"},{"chi2":15272.4599609375,"entropy":6.276120662689209,"filetype":"Data","lang":"ENGLISH US","sha256":"f7cde5b945fda1f6c8843cd5bc5c645cc52055db42d6087f0dd98407417a5a0c","type":"RT_ICON"},{"chi2":54967.65625,"entropy":2.402796745300293,"filetype":"Data","lang":"ENGLISH US","sha256":"c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d","type":"RT_ICON"},{"chi2":21908.541015625,"entropy":2.688976764678955,"filetype":"Data","lang":"ENGLISH US","sha256":"3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9","type":"RT_ICON"},{"chi2":10858.50390625,"entropy":3.258249282836914,"filetype":"Data","lang":"ENGLISH US","sha256":"58117f69794eb7326b592c707478da0c85037d18336c8cf74fd6027cc591c6c4","type":"RT_MENU"},{"chi2":28212.564453125,"entropy":3.2103006839752197,"filetype":"Data","lang":"ENGLISH US","sha256":"f027cb7d29204d8fdab99cf4d645740725756b15a0d620150512052681bbfc62","type":"RT_DIALOG"},{"chi2":20085.009765625,"entropy":2.9993276596069336,"filetype":"Data","lang":"ENGLISH US","sha256":"5c2b9a32381ad093880dea4e120d02a5603246b2bb8f72f72d941870bf474b54","type":"RT_DIALOG"},{"chi2":20890.2109375,"entropy":3.0667619705200195,"filetype":"Data","lang":"ENGLISH US","sha256":"6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3","type":"RT_DIALOG"},{"chi2":36546.46484375,"entropy":3.0239272117614746,"filetype":"Data","lang":"ENGLISH US","sha256":"d97074d6be54221f0bdf28201f1af0ac9f0895a4a5ad47899dc49654f798ac71","type":"RT_DIALOG"},{"chi2":29344.0859375,"entropy":3.1261675357818604,"filetype":"Data","lang":"ENGLISH US","sha256":"2f82e22a5c0ceffe9aa5045eeb144db05b1a4bf1485020800ead187e4e216af5","type":"RT_DIALOG"},{"chi2":17353.91796875,"entropy":2.7014076709747314,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1446a9292f5317240a61493f37d6b1835b48d2624c64b4402aa36784d3e099bd","type":"RT_STRING"},{"chi2":8944.890625,"entropy":2.0907223224639893,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"a7c1353bc3456cd46938e997c4f8e8ec9e850401b9b8d4d7946eb1065cc8ad2f","type":"RT_STRING"},{"chi2":42103.48828125,"entropy":3.12620210647583,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8f65722495e9c0476c52c3b71906b0ec544052a4591b4616430a3baa88157cf5","type":"RT_STRING"},{"chi2":41214.3046875,"entropy":2.9134371280670166,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"3205d9d8683ecd9998428a442a3b721cc7d7ce8d4e4c31063f02d99791dc28d0","type":"RT_STRING"},{"chi2":55396.02734375,"entropy":3.199612617492676,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"fc3f6f769e88ce894bba9f4078aaea4a47db8284f3fafb6ff844f8a5406feaba","type":"RT_STRING"},{"chi2":11705.1435546875,"entropy":2.3812334537506104,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"51e46939a67865d6b8ac14859e035fb360773e494243ba263a65b8ec06944ea2","type":"RT_STRING"},{"chi2":21027.025390625,"entropy":2.9904301166534424,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"5b8e0bfb7c789c6bfdc4be2af9f36346c0e41e7ad22c8edcc661af0e8b53dbd2","type":"RT_STRING"},{"chi2":18246.87890625,"entropy":2.8355727195739746,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"f4d2054bad5a30d07ffde08fafdf7a0deed4e343526816a67ecbbd068b84ad81","type":"RT_STRING"},{"chi2":7551.48583984375,"entropy":2.2685282230377197,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d","type":"RT_STRING"},{"chi2":16961.759765625,"entropy":2.74092960357666,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8b64c7b314ec82b8d9a5584bca52110faf36ffa86317f2e98957a8665fe97a68","type":"RT_STRING"},{"chi2":36189.33203125,"entropy":3.0477657318115234,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0cce65df387f67147c75ac921bc6512fb5fc8dc86d3a60a2e0c2ba2d4845539b","type":"RT_STRING"},{"chi2":12769.16015625,"entropy":2.62539005279541,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"934c6ae73724aa444c9e02c81312cec0d60006e496e65664eb5069e1378e6cee","type":"RT_STRING"},{"chi2":16399.99609375,"entropy":3.0806007385253906,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"63213f70560632ae4ca4876817064d870fe9a346b64d3cf2f4ea4c1be85aa298","type":"RT_STRING"},{"chi2":7893.99951171875,"entropy":0.9609531760215759,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4","type":"RT_STRING"},{"chi2":29366.591796875,"entropy":3.085610866546631,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"66f1747ba4c17f6fca44818ed98445f01645651c120e72f558245e2df6949d35","type":"RT_STRING"},{"chi2":20694.751953125,"entropy":3.297224998474121,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"407683a58c05c1e2644e8b26cd7dc488186c786ec8f23362aa1215157755a5f2","type":"RT_STRING"},{"chi2":83957,"entropy":3.261389970779419,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"d036e1af5639fb867f5035330e81788bbc24eff762610e3f6bba5d78903a845a","type":"RT_STRING"},{"chi2":55449.9140625,"entropy":3.02530837059021,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c054645d86387fd491743027e6c2284d6a7262f6aced9321cbc1465cef2b6b1f","type":"RT_STRING"},{"chi2":51396.890625,"entropy":3.1699700355529785,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c1bc5318a82ea1a1809618040026851947f6aa5171d904a9e60966f4551ca1a3","type":"RT_STRING"},{"chi2":12962.5224609375,"entropy":2.7108659744262695,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be","type":"RT_STRING"},{"chi2":15271.3427734375,"entropy":2.6390249729156494,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8","type":"RT_STRING"},{"chi2":18244.58984375,"entropy":2.878065586090088,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc","type":"RT_STRING"},{"chi2":81938.0390625,"entropy":3.2325892448425293,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"36db380991291cac5c99e42332efda20210f63985544d95e8fa6ef85bf2bdf8e","type":"RT_STRING"},{"chi2":43175.703125,"entropy":3.0946567058563232,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"7f51554313c6765ba649783a942064cdfe6f5a70248a6f56840f71969f87ced0","type":"RT_STRING"},{"chi2":7961.8193359375,"entropy":1.0787549018859863,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95","type":"RT_STRING"},{"chi2":8288.9111328125,"entropy":1.959641933441162,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212","type":"RT_STRING"},{"chi2":8061.71533203125,"entropy":2.9474713802337646,"filetype":"Data","lang":"ENGLISH US","sha256":"6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a","type":"RT_ACCELERATOR"},{"chi2":2023.999755859375,"entropy":2.184317111968994,"filetype":"Data","lang":"ENGLISH US","sha256":"ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785","type":"RT_ACCELERATOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"e6854ff594bf0bbca42b4ae0894dc26e19429b08f5e577e1cfac899c1722ad39","type":"RT_GROUP_CURSOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"a6a82549bab9012b198a727d469aaa464b98e7fc247ab8a85bf16cacdfab4802","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"60a0a8bc0169228c8af42c377d93a218ccc9712a17b76ef014f81e156a36c66f","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b077d477d0775d0b86be9bedee8ec134bdc213d6941e9ae60adcf8bdd18623cc","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"90b143ec83ef48639ea48969a1d0850aa14b573b48dadef87e4230e42bdb5971","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba","type":"RT_GROUP_CURSOR"},{"chi2":8583.6376953125,"entropy":3.0013043880462646,"filetype":"Data","lang":"ENGLISH US","sha256":"8852374fd48240e910182f0fcb091ed5d81ad36a024abdaaf483b8d09c599a9e","type":"RT_GROUP_ICON"},{"chi2":2254.94091796875,"entropy":2.5580508708953857,"filetype":"Data","lang":"ENGLISH US","sha256":"55d2b7489ae3e0ec0a6fb0755d92983c2ee6d333d66a937881c107a694c088c2","type":"RT_GROUP_ICON"},{"chi2":66921.40625,"entropy":3.420238733291626,"filetype":"Data","lang":"ENGLISH US","sha256":"493e13ed9d1be00fbec94c351e364ff221cee62df92323f19a914edf3813c172","type":"RT_VERSION"},{"chi2":1416.5716552734375,"entropy":2.8598792552948,"filetype":"Data","lang":"ENGLISH US","sha256":"4a9ddd567a13d9d147d000cc776815a583857849927d8fd91b8a4d73c9a5433d","type":"Struct(241)"},{"chi2":1003.6127319335938,"entropy":7.988063812255859,"filetype":"Data","lang":"ENGLISH US","sha256":"96be696b5d4f4497eb61228542fb581cc0b39f25ffdf45b31108a67c06743da7","type":"Struct(1687)"}],"resource_langs":{"ENGLISH US":87},"resource_types":{"RT_ACCELERATOR":2,"RT_BITMAP":3,"RT_CURSOR":18,"RT_DIALOG":5,"RT_GROUP_CURSOR":16,"RT_GROUP_ICON":2,"RT_ICON":11,"RT_MENU":1,"RT_STRING":26,"RT_VERSION":1,"Struct(1687)":1,"Struct(241)":1},"rich_pe_header_hash":"77c45911f57e2974050c9f737e3771e9","sections":[{"chi2":1366774.75,"entropy":6.55,"flags":"rx","md5":"515a0b066b025e46b41b827eae903cbe","name":".text","raw_size":237568,"virtual_address":4096,"virtual_size":235059},{"chi2":3440810.75,"entropy":4.86,"flags":"r","md5":"814659d1dacc9eea43dbd7e8b2a892bd","name":".rdata","raw_size":69632,"virtual_address":241664,"virtual_size":68819},{"chi2":974842.25,"entropy":3.8,"flags":"rw","md5":"5fe8041aa74d3a9055516a4dbca0dd59","name":".data","raw_size":12288,"virtual_address":311296,"virtual_size":25044},{"chi2":1215250.88,"entropy":6.96,"flags":"r","md5":"b1fdb32dea84a0258e2f877f1ace347c","name":".rsrc","raw_size":110592,"virtual_address":339968,"virtual_size":107536}],"timestamp":1601030449},"reputation":0,"sha1":"5dce34edac03c3fe6236e36a7afce5061ee7d9f1","sha256":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","signature_info":{"copyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","description":"TODO: \u003cFile description\u003e","file version":"1.0.0.1","internal name":"WebPageSnapShot.exe","original name":"WebPageSnapShot.exe","product":"TODO: \u003cProduct name\u003e"},"size":434176,"ssdeep":"6144:4abhDkzV+z3ItUUiCFYcK/7X0XfGkDmrDI3A4KFzq+EP78YaAy2+1Oo:4YhozVKIixT7XFPc31ixEP7Z","tags":["peexe"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"InstallShield setup","probability":40},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":29},{"file_type":"Win16 NE executable (generic)","probability":13},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.1},{"file_type":"Win32 Executable (generic)","probability":4.1}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"045046655d1560e040500340098zf125z40400a5ez1"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596582889184556-4642050303721472-fdc7cb12d2f4c1ba3d758a14b383df1e","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["function_capabilities","procmessages","2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"],"rule_name":"ProcMessages","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","links":{"self":"https://www.virustotal.com/api/v3/files/2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596605914341828-4642050303721472-a8dbdbfe0f0f9ceb02f00bd44e016b84","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","newsecuritydescriptor"],"rule_name":"NewSecurityDescriptor","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"14d4dbf45b66ba128ed3c6c6a54d48c3d2d913dd30641b426298b1430bc2667b","capabilities_tags":["win_registry","keylogger","screenshot","win_files_operation"],"creation_date":1601030449,"downloadable":true,"exiftool":{"CharacterSet":"Windows, Latin1","CodeSize":"237568","CompanyName":"TODO: \u003cCompany name\u003e","EntryPoint":"0xdec3","FileDescription":"TODO: \u003cFile description\u003e","FileFlagsMask":"0x003f","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"1.0.0.1","FileVersionNumber":"1.0.0.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"208896","InternalName":"WebPageSnapShot.exe","LanguageCode":"English (U.S.)","LegalCopyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","LinkerVersion":"7.1","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","OriginalFileName":"WebPageSnapShot.exe","PEType":"PE32","ProductName":"TODO: \u003cProduct name\u003e","ProductVersion":"1.0.0.1","ProductVersionNumber":"1.0.0.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2020:09:25 10:40:49+00:00","UninitializedDataSize":"0"},"first_submission_date":1601042407,"last_analysis_date":1601755449,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.Agent.Emotet"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43958861"},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Win32.Emotet.L!c"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C4199919"},"Alibaba":{"category":"malicious","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":"Trojan:Win32/Emotet.5ef36210"},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan[Banker]/Win32.Emotet"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29EC24D"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:BankerX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AD.Emotet.ukflj"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43958861"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.EmotetNTR.Trojan"},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Exar-9769617-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 85)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Emotet.EJVS-5757"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader34.53409"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Emotet.CB"},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.Emotet (A)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AD.Emotet.ukflj"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Emotet.1029!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan-Banker.Agent"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/Generic-R + Troj/Emotet-CPH"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Banker.Emotet.org"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=89)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.MalPack.TRE"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.11417434.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Emotet-FSF!EC15B8B7253B"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Emotet.gh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43958861"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Emotet!rfn"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Emotet.hwqnvg"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Generic/Trojan.45c"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Kryptik!1.CC98 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Emotet-CPH"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Emotet"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"malicious","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":"Trojan/W32.Agent.434176.YJ"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"TROJ_GEN.R002C0DIS20"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.Trojan.Zenpak"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"malicious","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":"Trojan.Win32.Z.Emoteto.434176.FR"},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Emotet.Win32.32298"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan-Banker.Win32.Emotet.pef"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"undetected","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":52,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":18},"last_modification_date":1601755671,"last_submission_date":1601042407,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"796868e8aa9a88ac","raw_md5":"8297bdd48159ad5678ffab8174e1760c"},"md5":"ec15b8b7253bc4f9f838fc2f36915c49","meaningful_name":"WebPageSnapShot.exe","names":["WebPageSnapShot.exe","emotet_exe_e1_2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca_2020-09-25__140003.exe_20200925_104049+0000"],"packers":{"PEiD":"Microsoft Visual C++ v7.0"},"pe_info":{"compiler_product_versions":["id: 95, version: 2179 count=13","id: 25, version: 9210 count=6","id: 93, version: 2067 count=2","id: 93, version: 2179 count=19","[---] Unmarked objects count=582","[ASM] VS2003 (.NET) build 3077 count=25","[ C ] VS2003 (.NET) build 3077 count=144","[C++] VS2003 (.NET) build 3077 count=128","[EXP] VS2003 (.NET) build 3077 count=1","[RES] VS2003 (.NET) build 3052 count=1","[LNK] VS2003 (.NET) build 3077 count=1"],"debug":[{"codeview":{"age":1,"guid":"453e9215-df98-4201-b93c-0aa2bc59d2f5","name":"c:\\Users\\Dodo\\Downloads\\WebPageSnapShot\\Release\\WebPageSnapShot.pdb","signature":"RSDS"},"offset":278968,"size":92,"timestamp":"Fri Sep 25 10:40:49 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"}],"entry_point":57027,"exports":["y6ithgrhhytt"],"imphash":"8c471737d4ce5b46ac449fd535d18851","import_list":[{"imported_functions":["CommDlgExtendedError","GetSaveFileNameW","PrintDlgW","GetFileTitleW","GetOpenFileNameW"],"library_name":"comdlg32.dll"},{"imported_functions":["ImageList_Draw","Ord(17)","ImageList_GetImageInfo","ImageList_Destroy"],"library_name":"COMCTL32.dll"},{"imported_functions":["ClosePrinter","DocumentPropertiesW","OpenPrinterW"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["GetTextMetricsW","SetMapMode","TextOutW","CreateFontIndirectW","SetBkMode","PatBlt","GetRgnBox","SaveDC","CreateRectRgnIndirect","LPtoDP","CombineRgn","GetClipBox","GetWindowExtEx","GetPixel","GetDeviceCaps","ExcludeClipRect","OffsetViewportOrgEx","DeleteDC","RestoreDC","GetMapMode","CreateBitmap","SelectObject","DeleteObject","IntersectClipRect","BitBlt","SetTextColor","CreatePatternBrush","ExtTextOutW","GetObjectW","CreateEllipticRgn","GetTextExtentPoint32W","RectVisible","GetStockObject","SetViewportOrgEx","ScaleWindowExtEx","SetBkColor","PtVisible","ExtSelectClipRgn","SelectClipRgn","CreateCompatibleDC","ScaleViewportExtEx","CreateRectRgn","GetBkColor","Ellipse","CreateCompatibleBitmap","SetWindowExtEx","GetTextColor","CreateSolidBrush","Escape","GetViewportExtEx","SetViewportExtEx","SetRectRgn"],"library_name":"GDI32.dll"},{"imported_functions":["RegCreateKeyExW","RegDeleteValueW","GetFileSecurityW","RegCloseKey","RegEnumKeyW","RegSetValueExW","RegOpenKeyExW","RegCreateKeyW","RegOpenKeyW","RegDeleteKeyW","RegSetValueW","SetFileSecurityW","RegQueryValueExW","RegQueryValueW"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetStdHandle","FileTimeToSystemTime","HeapDestroy","GetFileAttributesW","lstrcmpW","FreeEnvironmentStringsA","DeleteCriticalSection","GetCurrentProcess","GetLocaleInfoA","LocalAlloc","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","lstrcatW","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","LoadLibraryW","GetStringTypeA","GetDiskFreeSpaceW","InterlockedExchange","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","LocalFree","FormatMessageW","InitializeCriticalSection","LoadResource","GetStringTypeExW","FindClose","TlsGetValue","MoveFileW","GetFullPathNameW","GetCurrentThread","SetLastError","GlobalFindAtomW","GetModuleFileNameW","ExitProcess","GetVersionExA","GetModuleFileNameA","GlobalHandle","LoadLibraryA","EnumResourceLanguagesW","GetVolumeInformationW","InterlockedDecrement","MultiByteToWideChar","GetPrivateProfileStringW","GetModuleHandleA","GlobalAddAtomW","SetUnhandledExceptionFilter","ConvertDefaultLocale","MulDiv","SetEnvironmentVariableA","TerminateProcess","GetVersion","VirtualQuery","LocalFileTimeToFileTime","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","HeapFree","EnterCriticalSection","SetHandleCount","lstrcmpiA","GlobalGetAtomNameW","GetVersionExW","GetOEMCP","QueryPerformanceCounter","GetTickCount","IsBadWritePtr","TlsAlloc","VirtualProtect","FlushFileBuffers","lstrcmpiW","RtlUnwind","GetStartupInfoA","UnlockFile","GetFileSize","GlobalDeleteAtom","GetStartupInfoW","DeleteFileW","GlobalLock","GetPrivateProfileIntW","GetTempFileNameW","CompareStringW","lstrcpyW","GlobalReAlloc","lstrcmpA","CompareStringA","FindFirstFileW","DuplicateHandle","GetProcAddress","GlobalAlloc","GetTimeZoneInformation","CreateFileW","GetFileType","TlsSetValue","HeapAlloc","LeaveCriticalSection","GetLastError","LocalReAlloc","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","GetSystemInfo","lstrlenA","GlobalFree","LCMapStringA","GetThreadLocale","GetEnvironmentStringsW","GlobalUnlock","LockFile","lstrlenW","FileTimeToLocalFileTime","GetEnvironmentStrings","GetCurrentDirectoryW","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","WideCharToMultiByte","HeapSize","GetCommandLineA","WritePrivateProfileStringW","lstrcpynW","RaiseException","TlsFree","SetFilePointer","ReadFile","GlobalFlags","CloseHandle","GetACP","GetModuleHandleW","FreeResource","SizeofResource","HeapCreate","FindResourceW","VirtualFree","IsBadReadPtr","IsBadCodePtr","VirtualAlloc"],"library_name":"KERNEL32.dll"},{"imported_functions":["GdipCreateBitmapFromScan0","GdiplusShutdown","GdipGetImageEncodersSize","GdipGetImageEncoders","GdipFree","GdipGetDC","GdipCloneImage","GdipAlloc","GdipDisposeImage","GdipSaveImageToFile","GdipReleaseDC","GdipGetImageGraphicsContext","GdipDeleteGraphics","GdiplusStartup"],"library_name":"gdiplus.dll"},{"imported_functions":["OleCreateFontIndirect","SafeArrayAccessData","SafeArrayGetLBound","SafeArrayGetUBound","SystemTimeToVariantTime","SysAllocStringLen","SafeArrayUnaccessData","VariantChangeType","VariantClear","SysAllocString","SafeArrayDestroy","SafeArrayCreate","VariantCopy","VariantInit","SafeArrayGetElemsize","SafeArrayGetDim","SysFreeString","SysStringLen"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","DragFinish","SHGetFileInfoW","ExtractIconW"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoTaskMemFree","CoTaskMemAlloc","StgCreateDocfileOnILockBytes","OleFlushClipboard","CoGetClassObject","CLSIDFromProgID","CoRevokeClassObject","CoFreeUnusedLibraries","CoRegisterMessageFilter","StgOpenStorageOnILockBytes","OleIsCurrentClipboard","CLSIDFromString","CreateILockBytesOnHGlobal","OleInitialize"],"library_name":"ole32.dll"},{"imported_functions":["PathIsUNCW","PathStripToRootW","PathFindExtensionW","PathFindFileNameW"],"library_name":"SHLWAPI.dll"},{"imported_functions":["SetFocus","GetForegroundWindow","SetWindowRgn","SetMenuItemBitmaps","LoadBitmapW","SetRectEmpty","DestroyMenu","PostQuitMessage","GetMessagePos","SetWindowPos","GetNextDlgTabItem","IsWindow","GrayStringW","EndPaint","WindowFromPoint","IntersectRect","CopyRect","GetMessageTime","SetActiveWindow","DispatchMessageW","GetCursorPos","MapDialogRect","GetDlgCtrlID","GetMenu","UnregisterClassW","GetClientRect","DrawTextW","SetScrollPos","CallNextHookEx","GetTopWindow","GetWindowTextW","CopyAcceleratorTableW","GetWindowTextLengthW","LoadAcceleratorsW","ScrollWindow","InvalidateRgn","GetMenuItemID","DestroyWindow","GetClassInfoExW","UpdateWindow","GetPropW","EqualRect","GetMessageW","ShowWindow","GetNextDlgGroupItem","SetPropW","ValidateRect","PeekMessageW","InsertMenuItemW","CharUpperW","LoadIconW","EnableWindow","TranslateMessage","IsWindowEnabled","GetWindow","SetParent","RegisterClassW","IsZoomed","GetWindowPlacement","EnableMenuItem","GetSubMenu","SetTimer","GetActiveWindow","IsDialogMessageW","FillRect","SetWindowContextHelpId","GetSysColorBrush","GetClassInfoW","CreateWindowExW","TabbedTextOutW","GetWindowLongW","GetMenuItemInfoW","IsChild","MapWindowPoints","RegisterWindowMessageW","ReleaseCapture","IsIconic","BeginPaint","OffsetRect","DefWindowProcW","GetScrollPos","KillTimer","TranslateAcceleratorW","GetParent","SendDlgItemMessageA","GetSystemMetrics","SetWindowLongW","SetScrollRange","GetWindowRect","InflateRect","SetCapture","DrawIcon","GetScrollRange","ShowOwnedPopups","SendDlgItemMessageW","PostMessageW","GetScrollInfo","CreatePopupMenu","CheckMenuItem","GetClassLongW","GetLastActivePopup","PtInRect","SetWindowTextW","GetDCEx","GetDlgItem","RemovePropW","BringWindowToTop","ClientToScreen","TrackPopupMenu","PostThreadMessageW","GetMenuItemCount","GetMenuState","SetWindowsHookExW","LoadCursorW","GetSystemMenu","ReuseDDElParam","GetDC","InsertMenuW","SetForegroundWindow","GetMenuStringW","CreateDialogIndirectParamW","ReleaseDC","DrawTextExW","EndDialog","FindWindowW","GetCapture","ScreenToClient","MessageBeep","LoadMenuW","DeferWindowPos","BeginDeferWindowPos","MessageBoxW","SendMessageW","LockWindowUpdate","UnhookWindowsHookEx","MoveWindow","AppendMenuW","GetWindowDC","AdjustWindowRectEx","GetSysColor","RegisterClipboardFormatW","SetScrollInfo","GetKeyState","EndDeferWindowPos","SystemParametersInfoA","DestroyIcon","ShowScrollBar","WinHelpW","GetDesktopWindow","UnpackDDElParam","SystemParametersInfoW","SetRect","DeleteMenu","InvalidateRect","CharNextW","CallWindowProcW","GetClassNameW","ModifyMenuW","IsRectEmpty","GetFocus","wsprintfW","IsWindowVisible","SetCursor","SetMenu","GetMenuCheckMarkDimensions"],"library_name":"USER32.dll"},{"imported_functions":["OleUIBusyW"],"library_name":"oledlg.dll"}],"machine_type":332,"resource_details":[{"chi2":20527.75,"entropy":3.026951551437378,"filetype":"Data","lang":"ENGLISH US","sha256":"fbeb3be87e80cb8e1d2af3d8140796c1bb80c6c7056f60897088ff9e355c3867","type":"RT_CURSOR"},{"chi2":18573.416015625,"entropy":2.7427444458007812,"filetype":"Data","lang":"ENGLISH US","sha256":"f64ccc0582bc7c66af8b40049e485e8e241335261ec95ace909293ba50b2e4a3","type":"RT_CURSOR"},{"chi2":25932.00390625,"entropy":2.3403780460357666,"filetype":"Data","lang":"ENGLISH US","sha256":"652988945185cf5d604d9b48de66288d82d8ed0acdd134398e90d002d2d9fc72","type":"RT_CURSOR"},{"chi2":25714.23828125,"entropy":2.3400356769561768,"filetype":"Data","lang":"ENGLISH US","sha256":"0b0e16c38a3d5a85566e67b1d9a7e720e4dee27e163b06099d3d7dfa5dbed9ee","type":"RT_CURSOR"},{"chi2":23739.37109375,"entropy":2.5164902210235596,"filetype":"Data","lang":"ENGLISH US","sha256":"368f9cb089d206a8b61251f0c85eeda97ee08a56b33be8579246e964d3af6169","type":"RT_CURSOR"},{"chi2":24244.720703125,"entropy":2.4540092945098877,"filetype":"Data","lang":"ENGLISH US","sha256":"6440c3a38dcfb81d45bc6be31b776fdae116dd7a2933b407b67132f6cfa0e6eb","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"9882a8462ce9de3cc9a5d0ca48c8c4f7ca97f1f846f0c10e6655e33c9734b152","type":"RT_CURSOR"},{"chi2":26435.69921875,"entropy":2.345054864883423,"filetype":"Data","lang":"ENGLISH US","sha256":"322e92d75b3fec9e16b81466f4cf111d298b80812d5b238f4ee032c025a02050","type":"RT_CURSOR"},{"chi2":26429.05078125,"entropy":2.348637342453003,"filetype":"Data","lang":"ENGLISH US","sha256":"8db6df648274a0fc3d28430367216e1c17c364ca613066cbb0e133637e92ba62","type":"RT_CURSOR"},{"chi2":26837.984375,"entropy":2.3111374378204346,"filetype":"Data","lang":"ENGLISH US","sha256":"f9c81ce9b4176b305c554a15f0ca2b98b11be76c1f13ef22169999aa07e9612f","type":"RT_CURSOR"},{"chi2":16714.326171875,"entropy":3.3360934257507324,"filetype":"Data","lang":"ENGLISH US","sha256":"601635482a9b1864ea0c61ce0282c5c9fe1d014aa95dbb4f60770f1c2b6df3da","type":"RT_CURSOR"},{"chi2":20248.46484375,"entropy":2.8131332397460938,"filetype":"Data","lang":"ENGLISH US","sha256":"2bf742d2beb4c56dd6eb68347dd8ee28da85bed9e6d165b36c6edb91da01d5d6","type":"RT_CURSOR"},{"chi2":11233.6103515625,"entropy":3.8149096965789795,"filetype":"Data","lang":"ENGLISH US","sha256":"cfc4ff9e46fbb61f61b68f36adc6593b137233d1cbaa50fe37e5653f0cb20396","type":"RT_CURSOR"},{"chi2":30411.99609375,"entropy":2.1001555919647217,"filetype":"Data","lang":"ENGLISH US","sha256":"c4a6e3a7a346baecb09a0c49268eb44f388382a7866a4e912b53d48fa3b34c26","type":"RT_CURSOR"},{"chi2":31043.689453125,"entropy":1.9705222845077515,"filetype":"Data","lang":"ENGLISH US","sha256":"f273e554605a89aa0994c9d42bc2569be3db5b19b2900dacb30f3218ed1174a0","type":"RT_CURSOR"},{"chi2":28832.78125,"entropy":2.2269911766052246,"filetype":"Data","lang":"ENGLISH US","sha256":"ebaf4bcc0f0d7ca9a3458ea52520d2dd10811069241940b9b2e79ac1a4c3ca5c","type":"RT_CURSOR"},{"chi2":24239.744140625,"entropy":2.576014280319214,"filetype":"Data","lang":"ENGLISH US","sha256":"2ce101084b7ecfb1f17b45ff88970e8e54d1e0573ef2abc638842ffa96354818","type":"RT_CURSOR"},{"chi2":18323.111328125,"entropy":2.5794191360473633,"filetype":"Data","lang":"ENGLISH US","sha256":"1aacce915559956f84c4f9a515782c2bb20c5c8a4a6d3eee95281c88b111c6af","type":"RT_CURSOR"},{"chi2":48765.53515625,"entropy":3.2981557846069336,"filetype":"Data","lang":"ENGLISH US","sha256":"dc48270379b64c2ca1a770f8607a9d69da27c29408f94bd7ba9bc4eb720f8f4f","type":"RT_BITMAP"},{"chi2":15874.4365234375,"entropy":2.236664295196533,"filetype":"Data","lang":"ENGLISH US","sha256":"e7c0005285d1ab59732d5f99f77a9bdd6342b01cf44437ebd7a07611a227e272","type":"RT_BITMAP"},{"chi2":15870.369140625,"entropy":2.876206636428833,"filetype":"Data","lang":"ENGLISH US","sha256":"abdf36bde89a26349f5741c17c235dacea88d441d8662ba16a598dc50c3c4864","type":"RT_BITMAP"},{"chi2":44545.5234375,"entropy":3.67057204246521,"filetype":"Data","lang":"ENGLISH US","sha256":"bc94fa498e4e17b8a4ad8fa141acb3bf406c8ab4ed206bd2c4828de18fca5788","type":"RT_ICON"},{"chi2":17381.76171875,"entropy":3.889598846435547,"filetype":"Data","lang":"ENGLISH US","sha256":"47a37646e78ec1064f9977c5b91d75aec3bd9098366ae87892d983106ae3562f","type":"RT_ICON"},{"chi2":8497.9462890625,"entropy":3.8129916191101074,"filetype":"Data","lang":"ENGLISH US","sha256":"080c4d4ab8f4317ecc301d95aa9379c68fad84193e8d68ec58496dd75bb499ac","type":"RT_ICON"},{"chi2":63842.53125,"entropy":6.1152777671813965,"filetype":"Data","lang":"ENGLISH US","sha256":"71bc1949037ec9a5e452fe45d17847f915e8d4fe0fc7c93f04afc4b9fa2c8d21","type":"RT_ICON"},{"chi2":25177.41015625,"entropy":6.58289909362793,"filetype":"Data","lang":"ENGLISH US","sha256":"eec825f93e23d78c07d473a2943d0ac57fe1273ad168ade77b1d8de51e14ccf7","type":"RT_ICON"},{"chi2":76219.4453125,"entropy":4.95505952835083,"filetype":"Data","lang":"ENGLISH US","sha256":"011d67957189e0bb29affb0bb35477905a267e38658e853c22f1efe2a61ac6af","type":"RT_ICON"},{"chi2":241559.140625,"entropy":5.70783805847168,"filetype":"Data","lang":"ENGLISH US","sha256":"df70c108c86ed1fa5f54b7bc083931939ab218b53a9034097ed8b52ad99d2abb","type":"RT_ICON"},{"chi2":77506.40625,"entropy":6.079914569854736,"filetype":"Data","lang":"ENGLISH US","sha256":"e97c1ce2d253cfd656eb21a51ade6557791d6b6aef90c2622dc6591f7a773425","type":"RT_ICON"},{"chi2":15272.4599609375,"entropy":6.276120662689209,"filetype":"Data","lang":"ENGLISH US","sha256":"f7cde5b945fda1f6c8843cd5bc5c645cc52055db42d6087f0dd98407417a5a0c","type":"RT_ICON"},{"chi2":54967.65625,"entropy":2.402796745300293,"filetype":"Data","lang":"ENGLISH US","sha256":"c0ac1745a90cccca75d6456fd811fae37b546920f31db1a39adf5bc6b7b8881d","type":"RT_ICON"},{"chi2":21908.541015625,"entropy":2.688976764678955,"filetype":"Data","lang":"ENGLISH US","sha256":"3b064fdeeae93792219429aa61f7f27766e30938e89b08e8e3b1f746862842c9","type":"RT_ICON"},{"chi2":10858.50390625,"entropy":3.258249282836914,"filetype":"Data","lang":"ENGLISH US","sha256":"58117f69794eb7326b592c707478da0c85037d18336c8cf74fd6027cc591c6c4","type":"RT_MENU"},{"chi2":28212.564453125,"entropy":3.2103006839752197,"filetype":"Data","lang":"ENGLISH US","sha256":"f027cb7d29204d8fdab99cf4d645740725756b15a0d620150512052681bbfc62","type":"RT_DIALOG"},{"chi2":20085.009765625,"entropy":2.9993276596069336,"filetype":"Data","lang":"ENGLISH US","sha256":"5c2b9a32381ad093880dea4e120d02a5603246b2bb8f72f72d941870bf474b54","type":"RT_DIALOG"},{"chi2":20890.2109375,"entropy":3.0667619705200195,"filetype":"Data","lang":"ENGLISH US","sha256":"6e113fd8e9f3156ae68251c6076beb9b59fe29e589d06398e7019802521f69d3","type":"RT_DIALOG"},{"chi2":36546.46484375,"entropy":3.0239272117614746,"filetype":"Data","lang":"ENGLISH US","sha256":"d97074d6be54221f0bdf28201f1af0ac9f0895a4a5ad47899dc49654f798ac71","type":"RT_DIALOG"},{"chi2":29344.0859375,"entropy":3.1261675357818604,"filetype":"Data","lang":"ENGLISH US","sha256":"2f82e22a5c0ceffe9aa5045eeb144db05b1a4bf1485020800ead187e4e216af5","type":"RT_DIALOG"},{"chi2":17353.91796875,"entropy":2.7014076709747314,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1446a9292f5317240a61493f37d6b1835b48d2624c64b4402aa36784d3e099bd","type":"RT_STRING"},{"chi2":8944.890625,"entropy":2.0907223224639893,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"a7c1353bc3456cd46938e997c4f8e8ec9e850401b9b8d4d7946eb1065cc8ad2f","type":"RT_STRING"},{"chi2":42103.48828125,"entropy":3.12620210647583,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8f65722495e9c0476c52c3b71906b0ec544052a4591b4616430a3baa88157cf5","type":"RT_STRING"},{"chi2":41214.3046875,"entropy":2.9134371280670166,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"3205d9d8683ecd9998428a442a3b721cc7d7ce8d4e4c31063f02d99791dc28d0","type":"RT_STRING"},{"chi2":55396.02734375,"entropy":3.199612617492676,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"fc3f6f769e88ce894bba9f4078aaea4a47db8284f3fafb6ff844f8a5406feaba","type":"RT_STRING"},{"chi2":11705.1435546875,"entropy":2.3812334537506104,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"51e46939a67865d6b8ac14859e035fb360773e494243ba263a65b8ec06944ea2","type":"RT_STRING"},{"chi2":21027.025390625,"entropy":2.9904301166534424,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"5b8e0bfb7c789c6bfdc4be2af9f36346c0e41e7ad22c8edcc661af0e8b53dbd2","type":"RT_STRING"},{"chi2":18246.87890625,"entropy":2.8355727195739746,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"f4d2054bad5a30d07ffde08fafdf7a0deed4e343526816a67ecbbd068b84ad81","type":"RT_STRING"},{"chi2":7551.48583984375,"entropy":2.2685282230377197,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"6d40d478a6995ce29a9efc17d38ec7fc52fd4ed780839cad672b6ba16030540d","type":"RT_STRING"},{"chi2":16961.759765625,"entropy":2.74092960357666,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"8b64c7b314ec82b8d9a5584bca52110faf36ffa86317f2e98957a8665fe97a68","type":"RT_STRING"},{"chi2":36189.33203125,"entropy":3.0477657318115234,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0cce65df387f67147c75ac921bc6512fb5fc8dc86d3a60a2e0c2ba2d4845539b","type":"RT_STRING"},{"chi2":12769.16015625,"entropy":2.62539005279541,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"934c6ae73724aa444c9e02c81312cec0d60006e496e65664eb5069e1378e6cee","type":"RT_STRING"},{"chi2":16399.99609375,"entropy":3.0806007385253906,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"63213f70560632ae4ca4876817064d870fe9a346b64d3cf2f4ea4c1be85aa298","type":"RT_STRING"},{"chi2":7893.99951171875,"entropy":0.9609531760215759,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"05e0d5787611ed4f643733e3e6e62d00f426422b5d3e443ceebac22e9d294bc4","type":"RT_STRING"},{"chi2":29366.591796875,"entropy":3.085610866546631,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"66f1747ba4c17f6fca44818ed98445f01645651c120e72f558245e2df6949d35","type":"RT_STRING"},{"chi2":20694.751953125,"entropy":3.297224998474121,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"407683a58c05c1e2644e8b26cd7dc488186c786ec8f23362aa1215157755a5f2","type":"RT_STRING"},{"chi2":83957,"entropy":3.261389970779419,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"d036e1af5639fb867f5035330e81788bbc24eff762610e3f6bba5d78903a845a","type":"RT_STRING"},{"chi2":55449.9140625,"entropy":3.02530837059021,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c054645d86387fd491743027e6c2284d6a7262f6aced9321cbc1465cef2b6b1f","type":"RT_STRING"},{"chi2":51396.890625,"entropy":3.1699700355529785,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"c1bc5318a82ea1a1809618040026851947f6aa5171d904a9e60966f4551ca1a3","type":"RT_STRING"},{"chi2":12962.5224609375,"entropy":2.7108659744262695,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"35b5abb90316b4017d5531e031cbf15bae6e8dd46f6dd221701693a22a7795be","type":"RT_STRING"},{"chi2":15271.3427734375,"entropy":2.6390249729156494,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1b8660b0c53b94f3e029de58e56d08c8097a080244e9dc65d4155a9b603820d8","type":"RT_STRING"},{"chi2":18244.58984375,"entropy":2.878065586090088,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"31bff9afbf08a8869318cd946a1d73a4425afefc5693c6e06671bde1e86de1dc","type":"RT_STRING"},{"chi2":81938.0390625,"entropy":3.2325892448425293,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"36db380991291cac5c99e42332efda20210f63985544d95e8fa6ef85bf2bdf8e","type":"RT_STRING"},{"chi2":43175.703125,"entropy":3.0946567058563232,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"7f51554313c6765ba649783a942064cdfe6f5a70248a6f56840f71969f87ced0","type":"RT_STRING"},{"chi2":7961.8193359375,"entropy":1.0787549018859863,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"0714c554acd308b38c3d6319f7e470f76a16d712f696545eacac2bdc725dfb95","type":"RT_STRING"},{"chi2":8288.9111328125,"entropy":1.959641933441162,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"1f1b61a7f04edc3691a6c9350132b09929d5bfa1c900f6ff500e55c5ebc63212","type":"RT_STRING"},{"chi2":8061.71533203125,"entropy":2.9474713802337646,"filetype":"Data","lang":"ENGLISH US","sha256":"6913343cd8c147d53027bf3e8693e6553c4eab0e623a65e0b96e7c2179558f9a","type":"RT_ACCELERATOR"},{"chi2":2023.999755859375,"entropy":2.184317111968994,"filetype":"Data","lang":"ENGLISH US","sha256":"ee48922b209123c07ce4f4b41e44e75a9f45c4cea136e2f2b33d3b190861c785","type":"RT_ACCELERATOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"e6854ff594bf0bbca42b4ae0894dc26e19429b08f5e577e1cfac899c1722ad39","type":"RT_GROUP_CURSOR"},{"chi2":2977.76416015625,"entropy":2.254513740539551,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"a6a82549bab9012b198a727d469aaa464b98e7fc247ab8a85bf16cacdfab4802","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"3f02dcac38fffe306e1825846e2bc0458ee712696310d051e3a69ebda8330cc3","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ef309b720f166673cad840a88e7636e9161ad91415cc7c176010cebba07757e5","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"da738753c27f2708bd2257f8cac3385a4ccb0df1341b76acfda07fa980cfb4bd","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"ee63d4681e7622067fd29005c6cc67b456031eb723c7239f05f1cb097af0ef98","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"60a0a8bc0169228c8af42c377d93a218ccc9712a17b76ef014f81e156a36c66f","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"12a5b9052dd16bed260343bc4352d436167c991c54497c5af441304646549386","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"8f51832638675f16ec5f251ab59251b3f85d84e5129025d44c45b3191b331c58","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"4ecc7f2578fd7b137c04f85ffcbd67d6eab0bc8b1df4246cebd2a2aa517f3c60","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b328fe22a904a2e7e1341a95dbf00e2fdffc9ab350bc64c5ee348d3007c2b479","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"6c2ef97bca5cdc6aa6de65b1f1ae8328bcb3494a16025eee870231d991e2cd56","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"1085b7390dbd2b2006f85619521047c6ca58a8b274196eeed48e74ad8a1b746a","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"b077d477d0775d0b86be9bedee8ec134bdc213d6941e9ae60adcf8bdd18623cc","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"90b143ec83ef48639ea48969a1d0850aa14b573b48dadef87e4230e42bdb5971","type":"RT_GROUP_CURSOR"},{"chi2":1797.600341796875,"entropy":2.0192408561706543,"filetype":"Lotus 1-2-3","lang":"ENGLISH US","sha256":"04fe4c49379fb61d65560745031cf797d5234fbc2886e1ee5245141e3f71cdba","type":"RT_GROUP_CURSOR"},{"chi2":8583.6376953125,"entropy":3.0013043880462646,"filetype":"Data","lang":"ENGLISH US","sha256":"8852374fd48240e910182f0fcb091ed5d81ad36a024abdaaf483b8d09c599a9e","type":"RT_GROUP_ICON"},{"chi2":2254.94091796875,"entropy":2.5580508708953857,"filetype":"Data","lang":"ENGLISH US","sha256":"55d2b7489ae3e0ec0a6fb0755d92983c2ee6d333d66a937881c107a694c088c2","type":"RT_GROUP_ICON"},{"chi2":66921.40625,"entropy":3.420238733291626,"filetype":"Data","lang":"ENGLISH US","sha256":"493e13ed9d1be00fbec94c351e364ff221cee62df92323f19a914edf3813c172","type":"RT_VERSION"},{"chi2":1416.5716552734375,"entropy":2.8598792552948,"filetype":"Data","lang":"ENGLISH US","sha256":"4a9ddd567a13d9d147d000cc776815a583857849927d8fd91b8a4d73c9a5433d","type":"Struct(241)"},{"chi2":1003.6127319335938,"entropy":7.988063812255859,"filetype":"Data","lang":"ENGLISH US","sha256":"96be696b5d4f4497eb61228542fb581cc0b39f25ffdf45b31108a67c06743da7","type":"Struct(1687)"}],"resource_langs":{"ENGLISH US":87},"resource_types":{"RT_ACCELERATOR":2,"RT_BITMAP":3,"RT_CURSOR":18,"RT_DIALOG":5,"RT_GROUP_CURSOR":16,"RT_GROUP_ICON":2,"RT_ICON":11,"RT_MENU":1,"RT_STRING":26,"RT_VERSION":1,"Struct(1687)":1,"Struct(241)":1},"rich_pe_header_hash":"77c45911f57e2974050c9f737e3771e9","sections":[{"chi2":1366774.75,"entropy":6.55,"flags":"rx","md5":"515a0b066b025e46b41b827eae903cbe","name":".text","raw_size":237568,"virtual_address":4096,"virtual_size":235059},{"chi2":3440810.75,"entropy":4.86,"flags":"r","md5":"814659d1dacc9eea43dbd7e8b2a892bd","name":".rdata","raw_size":69632,"virtual_address":241664,"virtual_size":68819},{"chi2":974842.25,"entropy":3.8,"flags":"rw","md5":"5fe8041aa74d3a9055516a4dbca0dd59","name":".data","raw_size":12288,"virtual_address":311296,"virtual_size":25044},{"chi2":1215250.88,"entropy":6.96,"flags":"r","md5":"b1fdb32dea84a0258e2f877f1ace347c","name":".rsrc","raw_size":110592,"virtual_address":339968,"virtual_size":107536}],"timestamp":1601030449},"reputation":0,"sha1":"5dce34edac03c3fe6236e36a7afce5061ee7d9f1","sha256":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","signature_info":{"copyright":"TODO: (c) \u003cCompany name\u003e. All rights reserved.","description":"TODO: \u003cFile description\u003e","file version":"1.0.0.1","internal name":"WebPageSnapShot.exe","original name":"WebPageSnapShot.exe","product":"TODO: \u003cProduct name\u003e"},"size":434176,"ssdeep":"6144:4abhDkzV+z3ItUUiCFYcK/7X0XfGkDmrDI3A4KFzq+EP78YaAy2+1Oo:4YhozVKIixT7XFPc31ixEP7Z","tags":["peexe"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"InstallShield setup","probability":40},{"file_type":"Win32 Executable MS Visual C++ (generic)","probability":29},{"file_type":"Win16 NE executable (generic)","probability":13},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.1},{"file_type":"Win32 Executable (generic)","probability":4.1}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"045046655d1560e040500340098zf125z40400a5ez1"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759173,"notification_id":"1596582889184556-4642050303721472-08981bcd3fc13d3cafd04a7fc5b61041","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["function_capabilities","2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","checksystemlangauge"],"rule_name":"CheckSystemLangauge","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca","links":{"self":"https://www.virustotal.com/api/v3/files/2c5eb559f2901959c9705bd543786984a01f6e53063d3014ee0b5ba08a9903ca"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759181,"notification_id":"1596605914341828-4642050303721472-f83dd7896428e470a486020feb820863","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","createfile"],"rule_name":"CreateFile","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759181,"notification_id":"1596605914341828-4642050303721472-24cddc642cf7fb7fc7defd0197671a4a","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","iswindowminimized"],"rule_name":"IsWindowMinimized","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759181,"notification_id":"1596605914341828-4642050303721472-fdc7cb12d2f4c1ba3d758a14b383df1e","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","procmessages"],"rule_name":"ProcMessages","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759180,"notification_id":"1596605914341828-4642050303721472-9793e97d7800c4d457a5ddacf2871fba","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","readfile"],"rule_name":"ReadFile","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759180,"notification_id":"1596605914341828-4642050303721472-4b5125226fa48b6fe511a3ec1fc83eb8","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","getusername"],"rule_name":"GetUserName","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759180,"notification_id":"1596605914341828-4642050303721472-bf83168d6f753273c7f62e85e8868ca2","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","downloadfile"],"rule_name":"DownloadFile","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-b0cd6dd37718286ccbb832980b7eca33","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","recordscreenshot"],"rule_name":"RecordScreenshot","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-1b970a4dcbfa8653614f0cc3742e6217","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","launchcmd"],"rule_name":"LaunchCMD","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-5284f262ccb6afbb4d7fce796bbffb6b","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","adjusttokenprivileges"],"rule_name":"AdjustTokenPrivileges","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"dc63fda7b7136f755ec244ffddd642ec926dfb93699a3421acc44f5b54127d84","capabilities_tags":["str_win32_internet_api","screenshot","win_token","str_win32_http_api","keylogger","str_win32_wininet_library","str_win32_winsock2_library","win_registry","network_http","win_files_operation","escalate_priv","inject_thread"],"creation_date":1559480550,"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"581632","EntryPoint":"0x2800a","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersionNumber":"0.0.0.0","ImageFileCharacteristics":"Executable, Large address aware, 32-bit","ImageVersion":"0.0","InitializedDataSize":"540672","LanguageCode":"English (British)","LinkerVersion":"12.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"5.1","ObjectFileType":"Executable application","PEType":"PE32","ProductVersionNumber":"0.0.0.0","Subsystem":"Windows GUI","SubsystemVersion":"5.1","TimeStamp":"2019:06:02 13:02:30+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755414,"last_analysis_date":1601755414,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKD.43949246"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKD.43949246"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C3281454"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Autoit.ShellCode.a"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D29E9CBE"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"AutoIt:Injector-JF [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/AutoIt.muyrk"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKD.43949246"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.74D4A5D717"},"Bkav":{"category":"malicious","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":"W32.AIDetectVM.malware1"},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.IGENERIC"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Generic-6989149-1"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_90% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.530d37"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/AutoIt.QF.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.DownLoader28.38326"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win32/Injector.Autoit.DZT"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKD.43949246 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/AutoIt.muyrk"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.10c74af530d377ab"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"AutoIt/Injector.DZT!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Injector"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Mal/AuItInj-A"},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 700000111 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Backdoor.NanoCore.AutoIt"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Trojan-AitInject.aq"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.TrojanAitInject.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKD.43949246"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Backdoor:MSIL/Noancooe.C"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":"Trj/Genetic.gen"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM10.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Injector/Autoit!1.BB82 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Mal/AuItInj-A"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"AUT.Heuristic!gen1"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.Downloader"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Script.AutoIt.gen"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_98%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":49,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":21},"last_modification_date":1601755663,"last_submission_date":1601755414,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","main_icon":{"dhash":"b2a2e3e3e3a3a200","raw_md5":"2a1613d0845d00b916aa58adf0d41788"},"md5":"10c74af530d377ab49802fe1994e02e9","meaningful_name":"C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat","names":["C:\\Users\\\u003cUSER\u003e\\hdwwiz\\DiagnosticsHub.StandardCollector.Service.exe.bat"],"pe_info":{"compiler_product_versions":["id: 225, version: 20806 count=2","id: 199, version: 41118 count=1","[ASM] VS2013 build 21005 count=51","[ C ] VS2013 build 21005 count=177","[C++] VS2013 build 21005 count=53","[ C ] VS2008 SP1 build 30729 count=9","[IMP] VS2008 SP1 build 30729 count=37","[---] Unmarked objects count=544","id: 234, version: 40629 count=80","[ASM] VS2013 UPD5 build 40629 count=1","[RES] VS2013 build 21005 count=1","id: 151, version: 0 count=1","[LNK] VS2013 UPD5 build 40629 count=1"],"debug":[{"offset":746264,"reserved10":{"value":"00554750"},"size":4,"timestamp":"Thu Mar 15 13:14:39 2018","type":10,"type_str":"IMAGE_DEBUG_TYPE_RESERVED10"}],"entry_point":163850,"imphash":"afcdf79be1557326c854b6e20cb900a7","import_list":[{"imported_functions":["WNetGetConnectionW","WNetCancelConnection2W","WNetUseConnectionW","WNetAddConnection2W"],"library_name":"MPR.dll"},{"imported_functions":["GetSaveFileNameW","GetOpenFileNameW"],"library_name":"COMDLG32.dll"},{"imported_functions":["IcmpCloseHandle","IcmpSendEcho","IcmpCreateFile"],"library_name":"IPHLPAPI.DLL"},{"imported_functions":["GetStdHandle","GetDriveTypeW","FileTimeToSystemTime","WaitForSingleObject","GetPrivateProfileSectionNamesW","GetFileAttributesW","GetLocalTime","GetProcessId","CreatePipe","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","SetErrorMode","FreeEnvironmentStringsW","ReadConsoleW","SetStdHandle","WideCharToMultiByte","GetDiskFreeSpaceW","InterlockedExchange","FindResourceExW","GetSystemTimeAsFileTime","GlobalMemoryStatusEx","HeapReAlloc","GetStringTypeW","GetExitCodeProcess","FormatMessageW","IsWow64Process","ResumeThread","GetTimeZoneInformation","LoadResource","FindClose","InterlockedDecrement","MoveFileW","SetFileAttributesW","EncodePointer","GetCurrentThread","GetEnvironmentVariableW","SetLastError","DeviceIoControl","TlsGetValue","CopyFileW","WriteProcessMemory","OutputDebugStringW","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","lstrcmpiW","RaiseException","WritePrivateProfileSectionW","GetVolumeInformationW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","GetPrivateProfileStringW","GetFullPathNameW","CreateThread","SetEnvironmentVariableW","GetSystemDirectoryW","DeleteCriticalSection","SetUnhandledExceptionFilter","ReadFile","IsProcessorFeaturePresent","ExitThread","DecodePointer","SetEnvironmentVariableA","SetPriorityClass","TerminateProcess","GetModuleHandleExW","SetCurrentDirectoryW","GlobalAlloc","LocalFileTimeToFileTime","GetDiskFreeSpaceExW","SetEndOfFile","GetCurrentThreadId","InterlockedIncrement","WriteConsoleW","MulDiv","CreateToolhelp32Snapshot","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","TerminateThread","SetEvent","LoadLibraryW","GetVersionExW","FreeLibrary","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlUnwind","GetProcessIoCounters","GetWindowsDirectoryW","GetFileSize","OpenProcess","GetDateFormatW","GetStartupInfoW","ReadProcessMemory","CreateDirectoryW","DeleteFileW","GetProcAddress","GetProcessHeap","GetTempFileNameW","GetComputerNameW","EnumResourceNamesW","CompareStringW","lstrcpyW","RemoveDirectoryW","FindNextFileW","CreateHardLinkW","FindFirstFileW","DuplicateHandle","GlobalLock","SetVolumeLabelW","GetPrivateProfileSectionW","GetTempPathW","CreateEventW","CreateFileW","GetFileType","TlsSetValue","ExitProcess","LeaveCriticalSection","GetLastError","SystemTimeToFileTime","LCMapStringW","GetShortPathNameW","VirtualAllocEx","GetSystemInfo","GlobalFree","GetConsoleCP","FindResourceW","GetTimeFormatW","GetEnvironmentStringsW","GlobalUnlock","lstrlenW","Process32NextW","CreateProcessW","FileTimeToLocalFileTime","SizeofResource","GetCurrentDirectoryW","VirtualFreeEx","GetCurrentProcessId","LockResource","SetFileTime","GetCommandLineW","GetCPInfo","HeapSize","CopyFileExW","Process32FirstW","WritePrivateProfileStringW","QueryPerformanceFrequency","TlsFree","SetSystemPowerState","CloseHandle","GetACP","GetModuleHandleW","GetLongPathNameW","IsValidCodePage","WriteFile","VirtualFree","Sleep","VirtualAlloc","GetOEMCP"],"library_name":"KERNEL32.dll"},{"imported_functions":["IsThemeActive"],"library_name":"UxTheme.dll"},{"imported_functions":["SysStringLen","UnRegisterTypeLibForUser","SafeArrayDestroyData","SysAllocString","VariantCopy","QueryPathOfRegTypeLib","SafeArrayCreateVector","SafeArrayAllocData","SafeArrayDestroyDescriptor","SafeArrayAccessData","UnRegisterTypeLib","SafeArrayUnaccessData","VariantCopyInd","SafeArrayAllocDescriptorEx","VariantInit","LoadTypeLibEx","SysFreeString","OleLoadPicture","VariantChangeType","CreateDispTypeInfo","DispCallFunc","SafeArrayGetVartype","VariantTimeToSystemTime","RegisterTypeLib","VariantClear","VarR8FromDec","SysReAllocString","CreateStdDispatch","RegisterTypeLibForUser"],"library_name":"OLEAUT32.dll"},{"imported_functions":["DragQueryFileW","SHEmptyRecycleBinW","SHBrowseForFolderW","SHCreateShellItem","SHFileOperationW","ShellExecuteW","SHGetPathFromIDListW","DragQueryPoint","ExtractIconExW","SHGetSpecialFolderLocation","ShellExecuteExW","SHGetDesktopFolder","Shell_NotifyIconW","SHGetFolderPathW","DragFinish"],"library_name":"SHELL32.dll"},{"imported_functions":["OleUninitialize","CoUninitialize","IIDFromString","CoGetInstanceFromFile","StringFromGUID2","CoSetProxyBlanket","CreateStreamOnHGlobal","OleSetContainedObject","CoGetObject","CLSIDFromString","ProgIDFromCLSID","CoInitialize","OleInitialize","CoCreateInstance","CoCreateInstanceEx","CoTaskMemAlloc","GetRunningObjectTable","CLSIDFromProgID","CoInitializeSecurity","OleSetMenuDescriptor","MkParseDisplayName","CoTaskMemFree"],"library_name":"ole32.dll"},{"imported_functions":["ImageList_BeginDrag","ImageList_Destroy","ImageList_Create","ImageList_DragLeave","ImageList_SetDragCursorImage","ImageList_DragMove","ImageList_Remove","InitCommonControlsEx","ImageList_ReplaceIcon","ImageList_DragEnter","ImageList_EndDrag"],"library_name":"COMCTL32.dll"},{"imported_functions":["VerQueryValueW","GetFileVersionInfoW","GetFileVersionInfoSizeW"],"library_name":"VERSION.dll"},{"imported_functions":["waveOutSetVolume","timeGetTime","mciSendStringW"],"library_name":"WINMM.dll"},{"imported_functions":["HttpQueryInfoW","FtpOpenFileW","InternetQueryDataAvailable","InternetQueryOptionW","InternetConnectW","FtpGetFileSize","InternetCrackUrlW","InternetCloseHandle","InternetSetOptionW","HttpSendRequestW","InternetOpenUrlW","InternetReadFile","InternetOpenW","HttpOpenRequestW"],"library_name":"WININET.dll"},{"imported_functions":["GetTextExtentPoint32W","CreatePen","EndPath","GetPixel","Rectangle","GetDeviceCaps","LineTo","DeleteDC","SetBkMode","CreateFontW","SetPixel","GetObjectW","AngleArc","SetTextColor","PolyDraw","MoveToEx","GetTextFaceW","CreateDCW","GetStockObject","SetViewportOrgEx","StrokePath","GetDIBits","RoundRect","CreateCompatibleDC","StrokeAndFillPath","StretchBlt","CloseFigure","SelectObject","CreateCompatibleBitmap","CreateSolidBrush","ExtCreatePen","SetBkColor","BeginPath","DeleteObject","Ellipse"],"library_name":"GDI32.dll"},{"imported_functions":["accept","ioctlsocket","WSAStartup","connect","htons","WSAGetLastError","gethostname","closesocket","inet_addr","send","ntohs","select","listen","__WSAFDIsSet","WSACleanup","gethostbyname","inet_ntoa","recv","setsockopt","socket","bind","recvfrom","sendto"],"library_name":"WSOCK32.dll"},{"imported_functions":["RegCreateKeyExW","RegCloseKey","CopySid","GetAce","AdjustTokenPrivileges","InitializeAcl","LookupPrivilegeValueW","RegDeleteKeyW","CheckTokenMembership","RegQueryValueExW","SetSecurityDescriptorDacl","GetAclInformation","OpenProcessToken","RegConnectRegistryW","RegOpenKeyExW","InitiateSystemShutdownExW","GetTokenInformation","DuplicateTokenEx","GetUserNameW","GetSecurityDescriptorDacl","RegDeleteValueW","RegEnumKeyExW","OpenThreadToken","GetLengthSid","CreateProcessAsUserW","RegEnumValueW","LogonUserW","RegSetValueExW","FreeSid","AllocateAndInitializeSid","InitializeSecurityDescriptor","CreateProcessWithLogonW","AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["GetProcessMemoryInfo"],"library_name":"PSAPI.DLL"},{"imported_functions":["CreateEnvironmentBlock","LoadUserProfileW","UnloadUserProfile","DestroyEnvironmentBlock"],"library_name":"USERENV.dll"},{"imported_functions":["RedrawWindow","GetForegroundWindow","UnregisterHotKey","DrawTextW","SetUserObjectSecurity","DestroyMenu","PostQuitMessage","SetWindowPos","IsWindow","EndPaint","OpenWindowStationW","CharUpperBuffW","VkKeyScanW","SetMenuItemInfoW","SetActiveWindow","GetMenuItemID","GetCursorPos","ReleaseDC","GetMenuStringW","GetMenu","GetClientRect","CreateAcceleratorTableW","SetMenuDefaultItem","IsClipboardFormatAvailable","LoadImageW","CountClipboardFormats","keybd_event","GetActiveWindow","RegisterHotKey","OpenClipboard","GetWindowTextW","LockWindowUpdate","GetWindowTextLengthW","GetKeyState","PtInRect","GetParent","GetCursorInfo","AttachThreadInput","EnumWindows","GetMessageW","ShowWindow","GetCaretPos","DrawFrameControl","GetDesktopWindow","IsCharAlphaW","PeekMessageW","InsertMenuItemW","TranslateMessage","IsWindowEnabled","SetClipboardData","DestroyWindow","OpenDesktopW","IsZoomed","LoadStringW","DrawMenuBar","IsCharLowerW","IsIconic","TrackPopupMenuEx","DrawFocusRect","CreateMenu","IsDialogMessageW","FlashWindow","EnumThreadWindows","MonitorFromPoint","CopyRect","GetSysColorBrush","CreateWindowExW","GetWindowLongW","CharNextW","SetFocus","RegisterWindowMessageW","GetMonitorInfoW","EmptyClipboard","BeginPaint","DefWindowProcW","GetKeyboardLayoutNameW","KillTimer","MapVirtualKeyW","CheckMenuRadioItem","GetClipboardData","GetSystemMetrics","SetWindowLongW","GetWindowRect","InflateRect","SetCapture","ReleaseCapture","EnumChildWindows","SetProcessWindowStation","SendDlgItemMessageW","SetKeyboardState","InvalidateRect","CreatePopupMenu","GetSubMenu","GetClassLongW","SetWindowTextW","SetTimer","GetDlgItem","SystemParametersInfoW","SendInput","ClientToScreen","PostMessageW","CloseWindowStation","GetKeyboardState","GetMenuItemCount","IsDlgButtonChecked","DestroyAcceleratorTable","CreateIconFromResourceEx","LoadCursorW","LoadIconW","FindWindowExW","GetDC","FillRect","SetForegroundWindow","GetProcessWindowStation","ExitWindowsEx","GetMenuItemInfoW","GetAsyncKeyState","EnableWindow","CharLowerBuffW","SetLayeredWindowAttributes","EndDialog","FindWindowW","GetDlgCtrlID","ScreenToClient","MessageBeep","GetWindowThreadProcessId","MessageBoxW","SendMessageW","RegisterClassExW","SetMenu","MoveWindow","DialogBoxParamW","MessageBoxA","IsCharUpperW","GetWindowDC","AdjustWindowRectEx","mouse_event","SendMessageTimeoutW","GetSysColor","CopyImage","DestroyIcon","IsWindowVisible","IsCharAlphaNumericW","DispatchMessageW","FrameRect","SetRect","DeleteMenu","MonitorFromRect","GetUserObjectSecurity","CallWindowProcW","GetClassNameW","BlockInput","CloseDesktop","IsMenu","GetFocus","wsprintfW","CloseClipboard","TranslateAcceleratorW","DefDlgProcW","SetCursor"],"library_name":"USER32.dll"}],"machine_type":332,"overlay":{"chi2":10062.7578125,"entropy":6.267537593841553,"filetype":"Data","md5":"0fbbdf30f0130850fde8c8cc840b4bc5","offset":1123328,"size":832},"resource_details":[{"chi2":23799.138671875,"entropy":3.6637094020843506,"filetype":"Data","lang":"ENGLISH UK","sha256":"62ba0b2575098d4428c9a99bd060ef7572071698bf9d03b4bd430f5f691378e5","type":"RT_ICON"},{"chi2":39527.51953125,"entropy":2.0588324069976807,"filetype":"Data","lang":"ENGLISH UK","sha256":"08bcba5aa989c988ea18f8101c84daaee58d4f0b584535a85186c8b98b66147e","type":"RT_ICON"},{"chi2":39565.58203125,"entropy":2.254985809326172,"filetype":"Data","lang":"ENGLISH UK","sha256":"245fc49e4e955e1db3975b826dcf27ad2eb32a6831caa4cb6b501a3914bcfaa9","type":"RT_ICON"},{"chi2":22293.244140625,"entropy":3.6535532474517822,"filetype":"Data","lang":"ENGLISH UK","sha256":"30d1e986d0b31def6f13e53ff02c031bfbefcf963d61d5ad650b172ad7e860c7","type":"RT_ICON"},{"chi2":11661.625,"entropy":3.437037229537964,"filetype":"Data","lang":"ENGLISH UK","sha256":"4035501adf394316fef967f0a20eedbf34126242bbeb9cbaad501af59aebd797","type":"RT_ICON"},{"chi2":196121.078125,"entropy":4.161387920379639,"filetype":"Data","lang":"ENGLISH UK","sha256":"7b310c0be8d06ce48affcc4f9aed1c0d788031b2a2f4ae57b69b66234a20d812","type":"RT_ICON"},{"chi2":142153.21875,"entropy":4.0749311447143555,"filetype":"Data","lang":"ENGLISH UK","sha256":"34b88a55636fba814081ad56bda0f029a6a48647de3c0aa7c01ed483e8829832","type":"RT_ICON"},{"chi2":198019.8125,"entropy":2.1830201148986816,"filetype":"Data","lang":"ENGLISH UK","sha256":"e3462f80eb7b3b4010ea0ab4fb82033a565632230555ec565e1ee7ae8c01c04f","type":"RT_ICON"},{"chi2":328674.1875,"entropy":4.523121356964111,"filetype":"Data","lang":"ENGLISH UK","sha256":"c3a9d3b89fe9d0197f5d20a9a00f2e69c9218c57b95f21bd16d193d264725d1d","type":"RT_ICON"},{"chi2":119014.71875,"entropy":4.651682376861572,"filetype":"Data","lang":"ENGLISH UK","sha256":"1d07a182ee09e1ae5120d258c03c8cdd17797e00bca1e3c4d923b03c37c7cf1a","type":"RT_ICON"},{"chi2":34118.2890625,"entropy":4.391784191131592,"filetype":"Data","lang":"ENGLISH UK","sha256":"e11a688c6e3fecdb7bcdccaa350aa6fb9bffa50e81751ce4c38b6a26db692634","type":"RT_ICON"},{"chi2":7766.4033203125,"entropy":2.682918071746826,"filetype":"Data","lang":"ENGLISH UK","sha256":"54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab","type":"RT_MENU"},{"chi2":95826.953125,"entropy":3.3470208644866943,"filetype":"Data","lang":"ENGLISH UK","sha256":"4fe35e21717d34ceb4717f9e9de8fde1b3de80d76a59bb87405910c2f1d6284b","type":"RT_STRING"},{"chi2":111751.78125,"entropy":3.28170108795166,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"9306910d4bb273465765832df77fb1fd78bd6e0bcbf9908636e323c34c92b613","type":"RT_STRING"},{"chi2":78471.640625,"entropy":3.288486957550049,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"e47fa3aec12353f6370b941bc5855e5551530c7b26f925b5a2e2692a0201450c","type":"RT_STRING"},{"chi2":102749.5703125,"entropy":3.2837283611297607,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"4854e5abce2237256df24b69c9759fc1e8caa423a54bfe661ba7031afd8375eb","type":"RT_STRING"},{"chi2":109138.875,"entropy":3.2632203102111816,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"d38369002e36f73866a0d40b13e069b9ffdbda50957f4c88d52a72fecb9b4e45","type":"RT_STRING"},{"chi2":76171.0078125,"entropy":3.2581164836883545,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"58ea125e6b5fa2cbc5a8ed819c7f50c9bca1cfe55f94c7cff3feb60f25ac6073","type":"RT_STRING"},{"chi2":25705.48046875,"entropy":3.0857229232788086,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"b3711acbe8e01fee7fd362112b4e42da05c728e98b85c0a3b4cb075977849cee","type":"RT_STRING"},{"chi2":292.2889404296875,"entropy":7.998823165893555,"filetype":"Data","lang":"NEUTRAL","sha256":"dffacc875d2830eb9e8ce624fec16a12d5f732185c920b129a299fd4ac30dba3","type":"RT_RCDATA"},{"chi2":291.6589050292969,"entropy":7.997288227081299,"filetype":"Data","lang":"NEUTRAL","sha256":"587f66fb4e168c3e31c642e25fe17c47396a4dc315e870f64d99cd5045ca7dec","type":"RT_RCDATA"},{"chi2":7969.86376953125,"entropy":2.8695015907287598,"filetype":"Data","lang":"ENGLISH UK","sha256":"d886ef46aff4ad878304045ca0de6c140dac34f39440a4fa421968522ec6398b","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"6bcce1250099cc08d574211b3debabb0244cd2641f6d960538e7ddc97d319164","type":"RT_GROUP_ICON"},{"chi2":1720.800048828125,"entropy":1.8427376747131348,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"ae172a9a2fd008910b537c92a95b38bfba0e5bbdaaca719bf686e6415a7a2ba1","type":"RT_GROUP_ICON"},{"chi2":1618.400146484375,"entropy":2.0232198238372803,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"7698ef362b288a7e3b96304ca50814b42518cba38598db9dbb36d8b90212d76a","type":"RT_GROUP_ICON"},{"chi2":22847.9375,"entropy":2.7786190509796143,"filetype":"Data","lang":"ENGLISH UK","sha256":"ebfbc032f504c40d9098735ecfd8c80d996de100b07130e2855b9125e1f57fe5","type":"RT_VERSION"},{"chi2":6430.72802734375,"entropy":5.4002556800842285,"filetype":"ASCII text","lang":"ENGLISH UK","sha256":"1bd8139910a81485aadb0bb28586e233768486de8c09f6a565ae457805702d39","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH UK":25,"NEUTRAL":2},"resource_types":{"RT_GROUP_ICON":4,"RT_ICON":11,"RT_MANIFEST":1,"RT_MENU":1,"RT_RCDATA":2,"RT_STRING":7,"RT_VERSION":1},"rich_pe_header_hash":"a5d888b5a108c327d65f490cc1a712f2","sections":[{"chi2":3075404.5,"entropy":6.68,"flags":"rx","md5":"310e36668512d53489c005622bb1b4a9","name":".text","raw_size":581632,"virtual_address":4096,"virtual_size":581597},{"chi2":4998914.5,"entropy":5.76,"flags":"r","md5":"748cf1ab2605ce1fd72d53d912abb68f","name":".rdata","raw_size":196096,"virtual_address":585728,"virtual_size":195982},{"chi2":4320735,"entropy":1.2,"flags":"rw","md5":"aae9601d920f07080bdfadf43dfeff12","name":".data","raw_size":20992,"virtual_address":782336,"virtual_size":36724},{"chi2":196651.38,"entropy":7.85,"flags":"r","md5":"df0955421637b2bc828acb19525b36f3","name":".rsrc","raw_size":294400,"virtual_address":819200,"virtual_size":294076},{"chi2":110144.84,"entropy":6.78,"flags":"r","md5":"f04128ad0f87f42830e4a6cdbc38c719","name":".reloc","raw_size":29184,"virtual_address":1114112,"virtual_size":28980}],"timestamp":1559480550},"reputation":0,"sha1":"ca6a057e70eb61db12e694317d2c5d26d7aa8518","sha256":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","sigma_analysis_stats":{"critical":0,"high":0,"low":40,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":40,"medium":0}},"size":1124160,"ssdeep":"24576:JAHnh+eWsN3skA4RV1Hom2KXMmHanc5vuZoX2lPA5r:Qh+ZkldoPK8Yanc5vmo2ur","tags":["peexe","overlay","direct-cpu-clock-access","detect-debug-environment","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Windows Control Panel Item (generic)","probability":85.5},{"file_type":"Win16 NE executable (generic)","probability":6},{"file_type":"Win32 Dynamic Link Library (generic)","probability":2.8},{"file_type":"Win32 Executable (generic)","probability":1.9},{"file_type":"OS/2 Executable (generic)","probability":0.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"016056655d15756210b02002300a46z161d013zf2za0030e039z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759179,"notification_id":"1596605914341828-4642050303721472-8b7b56dc9461f8b6f4acb96694b9c240","notification_snippet":"","notification_source_country":null,"notification_source_key":"0453118b","notification_tags":["453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","function_capabilities","queryregistrykey"],"rule_name":"QueryRegistryKey","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e","links":{"self":"https://www.virustotal.com/api/v3/files/453002a0558c76bef14e3a144d3a8fb683bf8060dfb872d5eb2f0bdac4f3ac9e"},"type":"file"} +{"attributes":{"authentihash":"b39ad15531d351953b4315eb14a761d8d20b3cd30c0519c38e0edd59e8227fd5","capabilities_tags":["win_files_operation"],"creation_date":1590723944,"downloadable":true,"exiftool":{"CodeSize":"153088","EntryPoint":"0x7f84","FileType":"Win64 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"Executable, Large address aware","ImageVersion":"0.0","InitializedDataSize":"106496","LinkerVersion":"14.23","MIMEType":"application/octet-stream","MachineType":"AMD AMD64","OSVersion":"6.0","PEType":"PE32+","Subsystem":"Windows GUI","SubsystemVersion":"6.0","TimeStamp":"2020:05:29 03:45:44+00:00","UninitializedDataSize":"0"},"first_submission_date":1601755484,"last_analysis_date":1601755484,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win64:TrojanX-gen [Trj]"},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Wacatac.R343592"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.SelfDel"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Mikey.D1BC2F"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win64:TrojanX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"HEUR/AGEN.1137403"},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Trojan.Selfdel"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Malware.Beebone-9762279-0"},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_60% (D)"},"Cybereason":{"category":"undetected","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"undetected","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W64/Agent.BWX.gen!Eldorado"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.MulDrop13.22682"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"a variant of Win64/Agent.ABU"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Gen:Variant.Mikey.113711 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Heuristic.HEUR/AGEN.1137403"},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W64/SelfDel.VHO!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.SelfDel"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Troj/Agent-BFFG"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Selfdel.qfb"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Riskware ( 0040eff71 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Trojan.Win32.SelfDel.vho"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Trojan.Injector"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.121218.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"GenericRXAA-AA!4836A0B0E66F"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win64.Dropper.tc"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Gen:Variant.Mikey.113711"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Wacatac.DD!ml"},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Win64/Agent!1.CA03 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-BFFG"},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.SelfDel"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Trojan.Agent!XarDjAMoTHQ"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.SelfDel.Win32.64272"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Trojan.Win32.SelfDel.vho"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_66%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":43,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":27},"last_modification_date":1601755586,"last_submission_date":1601755484,"magic":"PE32+ executable for MS Windows (GUI) Mono/.Net assembly","md5":"4836a0b0e66fc58075c2373482818c9c","meaningful_name":"%TEMP%\\ESZESHKMSL.exe","names":["%TEMP%\\ESZESHKMSL.exe","ESZESHKMSL.exe"],"pe_info":{"compiler_product_versions":["id: 259, version: 26715 count=10","id: 260, version: 26715 count=18","id: 261, version: 26715 count=158","id: 261, version: 27905 count=78","id: 260, version: 27905 count=16","id: 259, version: 27905 count=9","id: 257, version: 26715 count=5","[---] Unmarked objects count=104","id: 265, version: 28106 count=4","id: 255, version: 28106 count=1","id: 258, version: 28106 count=1"],"debug":[{"codeview":{"age":1,"guid":"97c838fd-3ef8-4654-80ee-89aeddac915d","name":"C:\\Users\\swe_r\\source\\repos\\LoaderRepacker\\x64\\Release\\LoaderRepacker.pdb","signature":"RSDS"},"offset":224468,"size":98,"timestamp":"Fri May 29 03:45:44 2020","type":2,"type_str":"IMAGE_DEBUG_TYPE_CODEVIEW"},{"offset":224568,"size":20,"timestamp":"Fri May 29 03:45:44 2020","type":12,"type_str":"IMAGE_DEBUG_TYPE_VC_FEATURE"},{"offset":224588,"size":852,"timestamp":"Fri May 29 03:45:44 2020","type":13,"type_str":"IMAGE_DEBUG_TYPE_POGO"},{"offset":0,"size":0,"timestamp":"Fri May 29 03:45:44 2020","type":14,"type_str":"IMAGE_DEBUG_TYPE_ILTCG"}],"entry_point":32644,"imphash":"4115ec57355092a1f4d0330b5ace668a","import_list":[{"imported_functions":["ShellExecuteA"],"library_name":"SHELL32.dll"},{"imported_functions":["GetStdHandle","EncodePointer","DeleteCriticalSection","GetCurrentProcess","GetConsoleMode","UnhandledExceptionFilter","FreeEnvironmentStringsW","InitializeSListHead","GetLocaleInfoW","SetStdHandle","GetFileTime","GetCPInfo","WriteFile","GetSystemTimeAsFileTime","HeapReAlloc","GetStringTypeW","FreeLibrary","FindClose","TlsGetValue","SetLastError","GetModuleFileNameW","Beep","IsDebuggerPresent","HeapAlloc","RtlAddFunctionTable","RtlVirtualUnwind","EnumSystemLocalesW","LoadLibraryExW","MultiByteToWideChar","SetFilePointerEx","SetUnhandledExceptionFilter","IsProcessorFeaturePresent","DecodePointer","TerminateProcess","GetModuleHandleExW","GetCurrentThreadId","GetProcAddress","WriteConsoleW","InitializeCriticalSectionAndSpinCount","HeapFree","EnterCriticalSection","GetOEMCP","QueryPerformanceCounter","TlsAlloc","FlushFileBuffers","LoadLibraryA","RtlPcToFileHeader","GetStartupInfoW","GetUserDefaultLCID","GetProcessHeap","GetFileSizeEx","FindNextFileW","RtlLookupFunctionEntry","IsValidLocale","FindFirstFileExW","RtlUnwindEx","CreateFileW","GetFileType","TlsSetValue","CreateFileA","ExitProcess","LeaveCriticalSection","GetLastError","LCMapStringW","GetConsoleCP","GetEnvironmentStringsW","GetModuleFileNameA","SwitchToThread","GetCurrentProcessId","GetCommandLineW","GetCurrentDirectoryA","HeapSize","GetCommandLineA","RaiseException","TlsFree","SetFilePointer","ReadFile","RtlCaptureContext","CloseHandle","GetACP","GetModuleHandleW","CreateProcessA","WideCharToMultiByte","IsValidCodePage","Sleep","VirtualAlloc"],"library_name":"KERNEL32.dll"}],"machine_type":34404,"overlay":{"chi2":289.88323974609375,"entropy":7.9999589920043945,"filetype":"Data","md5":"ad3d13c59d3617f6e756408c796499cc","offset":254464,"size":5179504},"resource_details":[{"chi2":4142.857421875,"entropy":4.896233081817627,"filetype":"application/xml","lang":"ENGLISH US","sha256":"165c5c883fd4fd36758bcba6baf2faffb77d2f4872ffd5ee918a16f91de5a8a8","type":"RT_MANIFEST"}],"resource_langs":{"ENGLISH US":1},"resource_types":{"RT_MANIFEST":1},"rich_pe_header_hash":"7b7aa09ecb9e0edfd271676b79a70ced","sections":[{"chi2":924102.63,"entropy":6.49,"flags":"rx","md5":"4007d3a9038c58c43b795aaf8a7faba9","name":".text","raw_size":153088,"virtual_address":4096,"virtual_size":153088},{"chi2":3957483.25,"entropy":5.12,"flags":"r","md5":"eafdbd8159515ef51764f0bfeb4a38be","name":".rdata","raw_size":82944,"virtual_address":159744,"virtual_size":82722},{"chi2":470192.03,"entropy":2.98,"flags":"rw","md5":"d67723ebdb2b42c695b6f6e471da2881","name":".data","raw_size":4608,"virtual_address":245760,"virtual_size":10564},{"chi2":261990.25,"entropy":5.32,"flags":"r","md5":"ff9eeab1c83556a1b9887b78357bd231","name":".pdata","raw_size":8192,"virtual_address":258048,"virtual_size":8064},{"chi2":74755,"entropy":1.68,"flags":"r","md5":"1e3908e0705e63d6fdac8e750109cd08","name":"_RDATA","raw_size":512,"virtual_address":266240,"virtual_size":256},{"chi2":8329,"entropy":4.75,"flags":"r","md5":"43c22ac8647ebbb96b2605592cfe3000","name":".rsrc","raw_size":512,"virtual_address":270336,"virtual_size":488},{"chi2":30377.29,"entropy":5.26,"flags":"r","md5":"4f846741e45917bae02b9b2a9f51f4ff","name":".reloc","raw_size":3584,"virtual_address":274432,"virtual_size":3268}],"timestamp":1590723944},"reputation":0,"sha1":"553b54e091478b0edf1c3453e4a33340ae81e97f","sha256":"d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da","size":5433968,"ssdeep":"98304:u4e6nTpTRA9vMDBJXmorHffMoNURusmMi1UUGldmnXNXLqCjB31r+GggPx:uyTpT+vsXmorU82uzMOUUUmnXNXLFl1N","tags":["64bits","peexe","assembly","invalid-rich-pe-linker-version","overlay"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 Dynamic Link Library (generic)","probability":34.3},{"file_type":"Win32 Executable (generic)","probability":23.5},{"file_type":"OS/2 Executable (generic)","probability":10.6},{"file_type":"Win64 Executable (generic)","probability":10.5},{"file_type":"Generic Win/DOS Executable","probability":10.4}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"056076655d155515555az56hz1lz"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759114,"notification_id":"1596602785935355-5517514209001472-39d0ef71bb9141475f7d1657528957b0","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da","pe_file","ransomware"],"rule_name":"pe_file","rule_tags":[],"ruleset_id":"5517514209001472","ruleset_name":"ransomware"},"id":"d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da","links":{"self":"https://www.virustotal.com/api/v3/files/d1130d86dcffb8a69382f8ab83bf918106749cffed32ca3b4fe30163d6d9e4da"},"type":"file"} +{"attributes":{"authentihash":"62ae16bd2c17180d09e7b3bcb8939bc7c8f02f900a520ee71f9855b94ce2f353","downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"0","CompanyName":"Microsoft Corporation","EntryPoint":"0x0000","FileDescription":"Tâche d’analyse de l’intégrité des données","FileFlagsMask":"0x003f","FileOS":"Windows NT 32-bit","FileSubtype":"0","FileType":"Win32 DLL","FileTypeExtension":"dll","FileVersion":"10.0.19041.321 (WinBuild.160101.0800)","FileVersionNumber":"10.0.19041.321","ImageFileCharacteristics":"Executable, 32-bit, DLL","ImageVersion":"10.0","InitializedDataSize":"11776","InternalName":"discan","LanguageCode":"French","LegalCopyright":"© Microsoft Corporation. Tous droits réservés.","LinkerVersion":"14.2","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"10.0","ObjectFileType":"Dynamic link library","OriginalFileName":"discan.dll.mui","PEType":"PE32","ProductName":"Système d’exploitation Microsoft® Windows®","ProductVersion":"10.0.19041.321","ProductVersionNumber":"10.0.19041.321","Subsystem":"Windows GUI","SubsystemVersion":"6.0","TimeStamp":"0000:00:00 00:00:00","UninitializedDataSize":"0"},"first_submission_date":1600545486,"last_analysis_date":1601755339,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"undetected","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"undetected","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":null},"CrowdStrike":{"category":"undetected","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"undetected","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":null},"Elastic":{"category":"undetected","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"timeout","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"undetected","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87158","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"undetected","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"confirmed-timeout","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":1,"failure":0,"harmless":0,"malicious":0,"suspicious":0,"timeout":1,"type-unsupported":5,"undetected":67},"last_modification_date":1601755508,"last_submission_date":1600545486,"magic":"PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit","md5":"f0200e3cf3bc0163391af0ffba0537d3","meaningful_name":"discan.dll.mui","names":["discan","discan.dll.mui"],"packers":{"PEiD":"Microsoft Visual C++ vx.x DLL"},"pe_info":{"compiler_product_versions":["id: 255, version: 27412 count=1","id: 258, version: 27412 count=1"],"debug":[{"offset":568,"size":84,"timestamp":"Thu Jan 8 14:31:41 1998","type":13,"type_str":"IMAGE_DEBUG_TYPE_POGO"},{"offset":652,"size":36,"timestamp":"Thu Jan 8 14:31:41 1998","type":16,"type_str":"16"}],"machine_type":332,"overlay":{"chi2":13327.26171875,"entropy":7.388175964355469,"filetype":"Data","md5":"cd3007cc8a0a0ac21c67e46c19d3ae1b","offset":12288,"size":9088},"resource_details":[{"chi2":22711.271484375,"entropy":2.573807716369629,"filetype":"Data","lang":"FRENCH","sha256":"f00ab7c6065b93de7ae9e76e4eac863459fc3d20d3f91bd7eaff9bffa03bbd58","type":"MUI"},{"chi2":36805.50390625,"entropy":3.063631772994995,"filetype":"Data","lang":"FRENCH","sha256":"de8bf17d18142ef20e862146ff2f0aac103045b0f0821dc218781cd09e7b2472","type":"RT_STRING"},{"chi2":608574.25,"entropy":3.4768004417419434,"filetype":"Data","lang":"FRENCH","sha256":"345b7625afc0f89c7096df2ab81121c7b576a329ab59b9dd6c6661d2e83efd15","type":"RT_MESSAGETABLE"},{"chi2":73027.3671875,"entropy":3.522307872772217,"filetype":"Data","lang":"FRENCH","sha256":"2af25162afabb6491185f46b6956f89b1a2a5843c3a07cf1e128f8dde4dbe051","type":"RT_VERSION"}],"resource_langs":{"FRENCH":4},"resource_types":{"MUI":1,"RT_MESSAGETABLE":1,"RT_STRING":1,"RT_VERSION":1},"rich_pe_header_hash":"0f6476a2dd80586d598ffd5bd4be8eb7","sections":[{"chi2":84496,"entropy":1.78,"flags":"r","md5":"cf9e607e2e31fbf67f01ce588d582a00","name":".rdata","raw_size":512,"virtual_address":4096,"virtual_size":176},{"chi2":759194,"entropy":3.64,"flags":"r","md5":"ee946a8d1393e09f3692e60123f04756","name":".rsrc","raw_size":11264,"virtual_address":8192,"virtual_size":12288}]},"reputation":0,"sha1":"22896d7735bd05831c0e26944edd2312f4d6d2d3","sha256":"c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c","signature_info":{"copyright":"© Microsoft Corporation. Tous droits réservés.","counter signers":"Microsoft Time-Stamp Service; Microsoft Time-Stamp PCA 2010; Microsoft Root Certificate Authority 2010","counter signers details":[{"algorithm":"sha256RSA","cert issuer":"Microsoft Time-Stamp PCA 2010","name":"Microsoft Time-Stamp Service","serial number":"33 00 00 01 0F 80 72 F6 3A 87 08 88 AD 00 00 00 00 01 0F","status":"Valid","thumbprint":"2441BB429F53941D1679DBB4A092417AA164B769","valid from":"11:19 PM 10/23/2019","valid to":"11:19 PM 01/21/2021","valid usage":"Timestamp Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2010","name":"Microsoft Time-Stamp PCA 2010","serial number":"61 09 81 2A 00 00 00 00 00 02","status":"Valid","thumbprint":"2AA752FE64C49ABE82913C463529CF10FF2F04EE","valid from":"09:36 PM 07/01/2010","valid to":"09:46 PM 07/01/2025","valid usage":"All"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2010","name":"Microsoft Root Certificate Authority 2010","serial number":"28 CC 3A 25 BF BA 44 AC 44 9A 9B 58 6B 43 39 AA","status":"Valid","thumbprint":"3B1EFD3A66EA28B16697394703A72CA340A05BD5","valid from":"09:57 PM 06/23/2010","valid to":"10:04 PM 06/23/2035","valid usage":"All"}],"description":"Tâche d’analyse de l’intégrité des données","file version":"10.0.19041.321 (WinBuild.160101.0800)","internal name":"discan","original name":"discan.dll.mui","product":"Système d’exploitation Microsoft® Windows®","signers":"Microsoft Corporation; Microsoft Code Signing PCA 2011; Microsoft Root Certificate Authority 2011","signers details":[{"algorithm":"sha256RSA","cert issuer":"Microsoft Code Signing PCA 2011","name":"Microsoft Corporation","serial number":"33 00 00 01 88 AF 52 D6 B9 92 6D E8 F9 00 00 00 00 01 88","status":"Valid","thumbprint":"A5BCE29A2944105E0E25B626120264BB03499052","valid from":"06:39 PM 03/04/2020","valid to":"06:39 PM 03/03/2021","valid usage":"Microsoft Publisher, Code Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2011","name":"Microsoft Code Signing PCA 2011","serial number":"61 0E 90 D2 00 00 00 00 00 03","status":"Valid","thumbprint":"F252E794FE438E35ACE6E53762C0A234A2C52135","valid from":"08:59 PM 07/08/2011","valid to":"09:09 PM 07/08/2026","valid usage":"All"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2011","name":"Microsoft Root Certificate Authority 2011","serial number":"3F 8B C8 B5 FC 9F B2 96 43 B5 69 D6 6C 42 E1 44","status":"Valid","thumbprint":"8F43288AD272F3103B6FB1428485EA3014C0BCFE","valid from":"10:05 PM 03/22/2011","valid to":"10:13 PM 03/22/2036","valid usage":"All"}],"signing date":"07:30 PM 05/14/2020","verified":"Signed","x509":[{"algorithm":"sha256RSA","cert issuer":"Microsoft Code Signing PCA 2011","name":"Microsoft Corporation","serial number":"33 00 00 01 88 AF 52 D6 B9 92 6D E8 F9 00 00 00 00 01 88","thumbprint":"A5BCE29A2944105E0E25B626120264BB03499052","valid from":"2020-03-04 18:39:48","valid to":"2021-03-03 18:39:48","valid_usage":"0.4.1.311.76.8, Code Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2011","name":"Microsoft Code Signing PCA 2011","serial number":"61 0E 90 D2 00 00 00 00 00 03","thumbprint":"F252E794FE438E35ACE6E53762C0A234A2C52135","valid from":"2011-07-08 20:59:09","valid to":"2026-07-08 21:09:09","valid_usage":null},{"algorithm":"sha256RSA","cert issuer":"Microsoft Time-Stamp PCA 2010","name":"Microsoft Time-Stamp Service","serial number":"33 00 00 01 0F 80 72 F6 3A 87 08 88 AD 00 00 00 00 01 0F","thumbprint":"2441BB429F53941D1679DBB4A092417AA164B769","valid from":"2019-10-23 23:19:18","valid to":"2021-01-21 23:19:18","valid_usage":"Timestamp Signing"},{"algorithm":"sha256RSA","cert issuer":"Microsoft Root Certificate Authority 2010","name":"Microsoft Time-Stamp PCA 2010","serial number":"61 09 81 2A 00 00 00 00 00 02","thumbprint":"2AA752FE64C49ABE82913C463529CF10FF2F04EE","valid from":"2010-07-01 21:36:55","valid to":"2025-07-01 21:46:55","valid_usage":null}]},"size":21376,"ssdeep":"384:PECg1C7YyoUACEeW2h1WixHRN7WjrlF7:PjnvR6y4f","tags":["pedll","invalid-rich-pe-linker-version","signed","overlay"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 Executable (generic)","probability":35.8},{"file_type":"OS/2 Executable (generic)","probability":16.1},{"file_type":"Win64 Executable (generic)","probability":16},{"file_type":"Generic Win/DOS Executable","probability":15.9},{"file_type":"DOS Executable Generic","probability":15.9}],"type_description":"Win32 DLL","type_tag":"pedll","unique_sources":1,"vhash":"124025151\"z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601759112,"notification_id":"1596597676292699-5517514209001472-39d0ef71bb9141475f7d1657528957b0","notification_snippet":"","notification_source_country":null,"notification_source_key":null,"notification_tags":["pe_file","c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c","ransomware"],"rule_name":"pe_file","rule_tags":[],"ruleset_id":"5517514209001472","ruleset_name":"ransomware"},"id":"c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c","links":{"self":"https://www.virustotal.com/api/v3/files/c3be23d05a017a7ef5a9c161b702cfd67b7f39093d75eed380f39fdbc15ad22c"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755661,"notification_id":"1596471088617144-4642050303721472-8cd4cf47faf9764d52bd3d12d088a79f","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","guardpages"],"rule_name":"GuardPages","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755660,"notification_id":"1596471088617144-4642050303721472-b2c63cccf59df132c856e74ebe856ba6","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","terminateprocess"],"rule_name":"TerminateProcess","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755660,"notification_id":"1596471088617144-4642050303721472-85a1010f23b7285f29d37fddf7a9d470","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","dynamicapi"],"rule_name":"DynamicAPI","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"6460448bc30b014e1822e04320ea30073bff1b9ee8704328229589ea33abeafc","creation_date":327680,"downloadable":true,"exiftool":{"CodeSize":"5632","EntryPoint":"0x12a0","FileType":"Win32 EXE","FileTypeExtension":"exe","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit, No debug","ImageVersion":"1.0","InitializedDataSize":"395264","LinkerVersion":"2.24","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","PEType":"PE32","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"1970:01:04 19:01:20+00:00","UninitializedDataSize":"512"},"first_submission_date":1601751964,"last_analysis_date":1601751964,"last_analysis_results":{"ALYac":{"category":"malicious","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"malicious","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"AegisLab":{"category":"timeout","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":"Trojan/Win32.Generic.C1768482"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"Trojan/Win32.AGeneric"},"Arcabit":{"category":"malicious","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":"Trojan.Generic.D9921"},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:Trojan-gen"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"malicious","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":"TR/Crypt.XDR.Gen"},"Baidu":{"category":"malicious","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":"Win32.Trojan.Kryptik.bio"},"BitDefender":{"category":"malicious","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"AI:Packer.92D700921C"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"malicious","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":"Worm.Drolnux.S644909"},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201003","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201003","engine_version":"32864","method":"blacklist","result":"Worm.Win32.Ibashade.D@6v10bm"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.cd4cfb"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.SOJB-8372"},"DrWeb":{"category":"malicious","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":"Trojan.PackedENT.108"},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22093","method":"blacklist","result":"Win32/Ibashade.C"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"malicious","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":"Trojan.GenericKDZ.39201 (B)"},"F-Secure":{"category":"malicious","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":"Trojan.TR/Crypt.XDR.Gen"},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Kryptik.FOAD!tr"},"GData":{"category":"malicious","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27215B:27.20390","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":"Worm.Win32.Ibashade"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"ML/PE-A + Troj/Agent-AVXU"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.Generic.arvem"},"K7AntiVirus":{"category":"malicious","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"K7GW":{"category":"malicious","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":"Trojan ( 005048871 )"},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=88)"},"Malwarebytes":{"category":"malicious","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":"Worm.Agent"},"MaxSecure":{"category":"malicious","engine_name":"MaxSecure","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Trojan.Malware.300983.susgen"},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":"Generic-FAHD!F8CEC99CD4CF"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.hh"},"MicroWorld-eScan":{"category":"malicious","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":"Trojan.GenericKDZ.39201"},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Worm:Win32/Drolnux"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Trojan.Win32.Kryptik.eljjir"},"Paloalto":{"category":"undetected","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"HEUR/QVM01.1.5867.Malware.Gen"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":"Worm.Ibashade!1.BC34 (CLASSIC)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Troj/Agent-AVXU"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201003","engine_version":"1.12.0.0","method":"blacklist","result":"Trojan.Toraldrop"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"Tencent":{"category":"malicious","engine_name":"Tencent","engine_update":"20201003","engine_version":"1.0.0.1","method":"blacklist","result":"Malware.Win32.Gencirc.10b0cbe1"},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"malicious","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"TrendMicro-HouseCall":{"category":"malicious","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":"WORM_DROLNUX_GC310160.UVPM"},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"Trojan.PackedENT"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87154","method":"blacklist","result":"FraudTool.Win32.SecurityShield.ek!c (v)"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201003","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Trojan.Gen"},"Yandex":{"category":"malicious","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":"Worm.Ibashade!RMt/cnmFjzM"},"Zillya":{"category":"malicious","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":"Trojan.Kryptik.Win32.1053328"},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"HEUR:Worm.Win32.Generic"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Unsafe.AI_Score_99%"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":57,"suspicious":0,"timeout":2,"type-unsupported":4,"undetected":12},"last_modification_date":1601752247,"last_submission_date":1601751964,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"f8cec99cd4cfb6e8a73f25e2d2292b0b","meaningful_name":"%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","names":["%APPDATA%\\Microsoft\\Search\\SearchHelper.exe","SearchHelper.exe"],"pe_info":{"entry_point":4768,"imphash":"a6083e536d6342c425a7dad4bdc72272","import_list":[{"imported_functions":["VirtualFree","DeleteCriticalSection","InitializeCriticalSection","EnterCriticalSection","GlobalFree","lstrlenA","GetModuleHandleA","lstrcmpA","GetLastError","GlobalAlloc","FreeLibrary","SetUnhandledExceptionFilter","TlsGetValue","ExitProcess","VirtualProtect","GetProcAddress","VirtualQuery","VirtualAlloc","LoadLibraryA","LeaveCriticalSection"],"library_name":"KERNEL32.dll"},{"imported_functions":["_cexit","__p__fmode","puts","__p__environ","fwrite","signal","memset","free","_onexit","atexit","abort","_setmode","strchr","vfprintf","__getmainargs","calloc","_iob","memcpy","__set_app_type"],"library_name":"msvcrt.dll"}],"machine_type":332,"overlay":{"chi2":1037569.3125,"entropy":5.017364501953125,"filetype":"ASCII text","md5":"98c86a85feef6fdcf6524c3f37dca164","offset":396288,"size":125775},"resource_details":[{"chi2":753655.25,"entropy":4.048840522766113,"filetype":"Data","lang":"ENGLISH US","sha256":"6fe0e6426e227e32d97737ce0cde5218413f9d521b2c3345b9aa3b1340785adb","type":"RT_ICON"},{"chi2":256245.234375,"entropy":4.663979530334473,"filetype":"Data","lang":"ENGLISH US","sha256":"4a3b2b327c38fc108b66e1fa1f59ea13fb49389f226a5aa66bee13a78cdd4350","type":"RT_ICON"},{"chi2":27010.21875,"entropy":5.3350138664245605,"filetype":"Data","lang":"ENGLISH US","sha256":"f98ecf41bbb5988f6301bbadc3cc48e36250cf37fef8bd70774efa22db4e9010","type":"RT_ICON"},{"chi2":12240,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"17b0761f87b081d5cf10757ccc89f12be355c70e2e29df288b65b30710dcbcd1","type":"RT_GROUP_ICON"},{"chi2":190740.015625,"entropy":0,"filetype":"ASCII text","lang":"ENGLISH US","sha256":"13a74e7dc8897b6489f66b39e0e4505a4e46a943f3635b5b0c68bbe571b682cf","type":"RT_VERSION"}],"resource_langs":{"ENGLISH US":5},"resource_types":{"RT_GROUP_ICON":1,"RT_ICON":3,"RT_VERSION":1},"sections":[{"chi2":86649.02,"entropy":5.74,"flags":"rx","md5":"3a99bef55e205511b4925c188c55c719","name":".text","raw_size":5632,"virtual_address":4096,"virtual_size":5252},{"chi2":2806633,"entropy":6.74,"flags":"rw","md5":"d957a665f0266966698b6c959fde659f","name":".data","raw_size":369152,"virtual_address":12288,"virtual_size":368656},{"chi2":21465,"entropy":4.16,"flags":"r","md5":"0704163a950f0e010bb7cd0251140800","name":".rdata","raw_size":512,"virtual_address":385024,"virtual_size":416},{"chi2":261120,"entropy":0,"flags":"r","md5":"0f343b0931126a20f133d67c2b018a3b","name":".eh_fram","raw_size":1024,"virtual_address":389120,"virtual_size":928},{"chi2":-1,"entropy":0,"flags":"rw","md5":"d41d8cd98f00b204e9800998ecf8427e","name":".bss","raw_size":0,"virtual_address":393216,"virtual_size":100},{"chi2":68964.37,"entropy":4.48,"flags":"rw","md5":"8dd6933739a4b06acf1fdc28e782230d","name":".idata","raw_size":1536,"virtual_address":397312,"virtual_size":1140},{"chi2":127510,"entropy":0.12,"flags":"rw","md5":"36e6668cd88ff7685ee5e7d63fc47bc6","name":".CRT","raw_size":512,"virtual_address":401408,"virtual_size":24},{"chi2":125001,"entropy":0.2,"flags":"rw","md5":"3d62fcb4704235d3e046e31568bdb9da","name":".tls","raw_size":512,"virtual_address":405504,"virtual_size":32},{"chi2":1253511.25,"entropy":4.17,"flags":"rw","md5":"fd62e2c1ad4617f7efb7a73c5c79f9a2","name":".rsrc","raw_size":16384,"virtual_address":409600,"virtual_size":16176}],"timestamp":327680},"reputation":0,"sha1":"eabb7f18f5c7b2bf8b224cf32feced4f30034731","sha256":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","sigma_analysis_stats":{"critical":0,"high":0,"low":33,"medium":0},"sigma_analysis_summary":{"Sigma Integrated Rule Set (GitHub)":{"critical":0,"high":0,"low":33,"medium":0}},"size":522063,"ssdeep":"12288:PN2Znlon9zMC/PHXFtYB3DowvoO5pNpWT:EZS9oC/v43DmO5pWT","tags":["peexe","overlay","direct-cpu-clock-access","long-sleeps","runtime-modules"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"Win32 EXE PECompact compressed (generic)","probability":58.8},{"file_type":"Microsoft Visual C++ compiled executable (generic)","probability":23.3},{"file_type":"Win32 Executable (generic)","probability":6.3},{"file_type":"OS/2 Executable (generic)","probability":2.8},{"file_type":"Win64 Executable (generic)","probability":2.8}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"0550975d65150c0d1d1d1az1413=z"},"context_attributes":{"match_in_subfile":false,"notification_date":1601755660,"notification_id":"1596471088617144-4642050303721472-ea44665a14b3de8c7f2d8b77cb320c07","notification_snippet":"","notification_source_country":"KR","notification_source_key":"77f30b24","notification_tags":["function_capabilities","execptionhandler","ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"],"rule_name":"ExecptionHandler","rule_tags":[],"ruleset_id":"4642050303721472","ruleset_name":"Function Capabilities"},"id":"ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b","links":{"self":"https://www.virustotal.com/api/v3/files/ed4fe527fcbc73222d955b84b45da2ef44c1be0f8ac3a3673f8cd828d041744b"},"type":"file"} +{"attributes":{"authentihash":"4dac6a1423ff18d951e8d221673b3b8cda241051babb3879b44d337e6c2907a9","capabilities_tags":["network_udp_sock","spreading_file","network_tcp_socket","screenshot","network_tcp_listen","win_private_profile","win_token","win_mutex","keylogger","str_win32_winsock2_library","str_win32_internet_api","win_registry","network_dns","network_dropper","network_http","network_ssl","win_files_operation","str_win32_wininet_library","str_win32_http_api","network_smtp_raw","rat_rdp"],"creation_date":1507318527,"crowdsourced_yara_results":[{"description":"Detects EquationGroup Tool - April Leak","match_in_subfile":true,"rule_name":"EquationGroup_Toolset_Apr17_Eternalromance","ruleset_id":"00029bbd96","ruleset_name":"apt_eqgrp_apr17","source":"https://github.com/Neo23x0/signature-base"},{"description":"Malware Sample - maybe Regin related","match_in_subfile":true,"rule_name":"Regin_Related_Malware","ruleset_id":"000cf3a489","ruleset_name":"spy_regin_fiveeyes","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"exiftool":{"CharacterSet":"Unicode","CodeSize":"3686400","Comments":"Ftp系统核心服务","CompanyName":"Windows系统Ftp核心服务","EntryPoint":"0x8abaa0","FileDescription":"Ftp系统核心服务","FileFlagsMask":"0x0000","FileOS":"Win32","FileSubtype":"0","FileType":"Win32 EXE","FileTypeExtension":"exe","FileVersion":"2.1.2.1","FileVersionNumber":"2.1.2.1","ImageFileCharacteristics":"No relocs, Executable, No line numbers, No symbols, 32-bit","ImageVersion":"0.0","InitializedDataSize":"24576","LanguageCode":"Chinese (Simplified)","LegalCopyright":"Windows系统Ftp核心服务 版权所有","LinkerVersion":"6.0","MIMEType":"application/octet-stream","MachineType":"Intel 386 or later, and compatibles","OSVersion":"4.0","ObjectFileType":"Executable application","PEType":"PE32","ProductName":"Ftp系统核心服务","ProductVersion":"2.1.2.1","ProductVersionNumber":"2.1.2.1","Subsystem":"Windows GUI","SubsystemVersion":"4.0","TimeStamp":"2017:10:06 19:35:27+00:00","UninitializedDataSize":"5402624"},"first_submission_date":1507524718,"last_analysis_date":1601702480,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"malicious","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":"Malicious"},"AVG":{"category":"malicious","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"FileRepMalware"},"Acronis":{"category":"malicious","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":"suspicious"},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"malicious","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":"Trojan.Multi.Generic.lmpu"},"AhnLab-V3":{"category":"malicious","engine_name":"AhnLab-V3","engine_update":"20201002","engine_version":"3.18.2.10046","method":"blacklist","result":"Malware/Win32.Generic.C2191491"},"Alibaba":{"category":"undetected","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"malicious","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":"GrayWare/Win32.FlyStudio.a"},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"malicious","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":"Win32:HacktoolX-gen [Trj]"},"Avast-Mobile":{"category":"type-unsupported","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"malicious","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":"Gen:NN.ZexaF.34282.IpKfauCVYRjb"},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201002","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201001","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201002","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"malicious","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":"Win.Downloader.13403-1"},"Comodo":{"category":"malicious","engine_name":"Comodo","engine_update":"20201002","engine_version":"32862","method":"blacklist","result":"Malware@#18ajnfdpqoc42"},"CrowdStrike":{"category":"malicious","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":"win/malicious_confidence_100% (D)"},"Cybereason":{"category":"malicious","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":"malicious.c02a18"},"Cylance":{"category":"malicious","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":"Unsafe"},"Cynet":{"category":"malicious","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":"Malicious (score: 100)"},"Cyren":{"category":"malicious","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":"W32/Trojan.CLL.gen!Eldorado"},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"malicious","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22090","method":"blacklist","result":"a variant of Win32/FlyStudio.OPP"},"Elastic":{"category":"malicious","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":"malicious (high confidence)"},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"malicious","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":"Generic.mg.40b445bdac37451f"},"Fortinet":{"category":"malicious","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":"W32/Agent.65CA!tr"},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27208B:27.20382","method":"blacklist","result":null},"Ikarus":{"category":"malicious","engine_name":"Ikarus","engine_update":"20201002","engine_version":"0.1.5.2","method":"blacklist","result":"Trojan.Win32.Exploit"},"Invincea":{"category":"malicious","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":"Generic PUA BM (PUA)"},"Jiangmin":{"category":"malicious","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":"Trojan.EquationDrug.jd"},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201002","engine_version":"11.142.35348","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35350","method":"blacklist","result":null},"Kaspersky":{"category":"malicious","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":"Exploit.Win32.ShadowBrokers.af"},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"malicious","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":"malware (ai score=100)"},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"malicious","engine_name":"McAfee","engine_update":"20201002","engine_version":"6.0.6.653","method":"blacklist","result":"Artemis!40B445BDAC37"},"McAfee-GW-Edition":{"category":"malicious","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":"BehavesLike.Win32.Generic.wc"},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"malicious","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":"Trojan:Win32/Eqtonex.C!dha"},"NANO-Antivirus":{"category":"malicious","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":"Exploit.Win32.ShadowBrokers.etjpyk"},"Paloalto":{"category":"malicious","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"generic.ml"},"Panda":{"category":"malicious","engine_name":"Panda","engine_update":"20201002","engine_version":"4.6.4.2","method":"blacklist","result":"Generic Malware"},"Qihoo-360":{"category":"malicious","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":"Win32/Trojan.Exploit.46b"},"Rising":{"category":"malicious","engine_name":"Rising","engine_update":"20201002","engine_version":"25.0.0.26","method":"blacklist","result":"Trojan.Eqtonex!8.E3CD (TFE:5:5YgiJ2vLGwD)"},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"malicious","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":"Malware"},"SentinelOne":{"category":"malicious","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":"DFI - Malicious PE"},"Sophos":{"category":"malicious","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":"Generic PUA BM (PUA)"},"Symantec":{"category":"malicious","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":"Hacktool"},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.01","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"malicious","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":"BScope.TrojanDropper.Woozlist"},"VIPRE":{"category":"malicious","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87142","method":"blacklist","result":"Trojan.Win32.Generic!BT"},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"malicious","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":"W32.Malware.Gen"},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"malicious","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":"Exploit.Win32.ShadowBrokers.af"},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"malicious","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":"Trojan.Generic"}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":41,"suspicious":0,"timeout":0,"type-unsupported":4,"undetected":29},"last_modification_date":1601703541,"last_submission_date":1507524718,"magic":"PE32 executable for MS Windows (GUI) Intel 80386 32-bit","md5":"40b445bdac37451f6a9b91cadc52e843","names":["1c0b829c02a18ecdf0c53e74ae8c54560e0349e1"],"packers":{"Cyren":"UPX","F-PROT":"UPX","PEiD":"UPX 2.90 [LZMA] -\u003e Markus Oberhumer, Laszlo Molnar \u0026 John Reiser"},"pe_info":{"compiler_product_versions":["id: 12, version: 7291 count=5","id: 11, version: 8047 count=9","id: 10, version: 8047 count=6","id: 14, version: 7299 count=44","[ C ] VS98 (6.0) SP6 build 8804 count=203","id: 19, version: 8022 count=44","id: 19, version: 8034 count=28","[---] Unmarked objects count=689","id: 93, version: 2179 count=3","[C++] VS98 (6.0) SP6 build 8804 count=95","[C++] VS98 (6.0) build 8168 count=104","[ C ] VS98 (6.0) build 8168 count=27","[---] Unmarked objects (old) count=84","[RES] VS98 (6.0) SP6 cvtres build 1736 count=1"],"entry_point":9091744,"imphash":"65d73bed202d138a2f2e5fadd25ef7d3","import_list":[{"imported_functions":["ChooseColorA"],"library_name":"comdlg32.dll"},{"imported_functions":["SafeArrayGetUBound"],"library_name":"OLEAUT32.dll"},{"imported_functions":["waveOutOpen"],"library_name":"WINMM.dll"},{"imported_functions":["InternetOpenA"],"library_name":"WININET.dll"},{"imported_functions":["SaveDC"],"library_name":"GDI32.dll"},{"imported_functions":["ShellExecuteA"],"library_name":"SHELL32.dll"},{"imported_functions":["VirtualFree","ExitProcess","VirtualProtect","LoadLibraryA","VirtualAlloc","GetProcAddress"],"library_name":"KERNEL32.DLL"},{"imported_functions":["RasHangUpA"],"library_name":"RASAPI32.dll"},{"imported_functions":["OpenPrinterA"],"library_name":"WINSPOOL.DRV"},{"imported_functions":["AddAce"],"library_name":"ADVAPI32.dll"},{"imported_functions":["OleRun"],"library_name":"ole32.dll"},{"imported_functions":["SHDeleteKeyA"],"library_name":"SHLWAPI.dll"},{"imported_functions":["send"],"library_name":"WS2_32.dll"},{"imported_functions":["GetDC"],"library_name":"USER32.dll"},{"imported_functions":["Ord(17)"],"library_name":"COMCTL32.dll"}],"machine_type":332,"resource_details":[{"chi2":245.00003051757812,"entropy":3.4594321250915527,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c71d2d00cce292297c6856c00e13614b895e573aeb127193d9872379d1714d10","type":"TEXTINCLUDE"},{"chi2":234.00006103515625,"entropy":4.459430694580078,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"6d4dfcf6c3b999c08e64c61efb341a1a1bf0b6eec81dbba6605107d2be009ea6","type":"TEXTINCLUDE"},{"chi2":351.996826171875,"entropy":7.186094760894775,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"f2260b650d99d296059d4c461a9ba427ef521ee22492ce87f248aa6ab1227f94","type":"TEXTINCLUDE"},{"chi2":333.6622314453125,"entropy":7.1476359367370605,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"bd46934a2ee5fdf3262175c88250660068d966361bad348ddfe1e22ce2e866be","type":"RT_CURSOR"},{"chi2":408.4678649902344,"entropy":7.061681270599365,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"1a201b0de3341ce3020a27adf6488786114b348dcc5cd8d144c79de875d00ccc","type":"RT_CURSOR"},{"chi2":468.31207275390625,"entropy":6.962516784667969,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"518df682583faef7e1788b588dfd2f1f193df111bea0b5ca27d17b17e7f3ddae","type":"RT_CURSOR"},{"chi2":400.2666015625,"entropy":6.544606685638428,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"cb2faf2855fffcba10196fabafd8bdc057ea38d6f3ca274ddac424cb6d119b1c","type":"RT_CURSOR"},{"chi2":739.8348999023438,"entropy":7.181002140045166,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"7a683674c27eff1c2e7f188b211624076470a7d9916fcb52e883e993c82f0ee9","type":"RT_BITMAP"},{"chi2":418.71649169921875,"entropy":7.085074424743652,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"f38c7dbe38c09f1215c706ad863d329968839fcd37d55ba925bd4a033c055e56","type":"RT_BITMAP"},{"chi2":547.5341796875,"entropy":6.9661865234375,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c79f72e9611145384a761e3b3fcb5e67790c74bd3423584f27d7390f9758aca0","type":"RT_BITMAP"},{"chi2":528.185302734375,"entropy":7.053053855895996,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d2d5c200d0777c0630804e1e4bb75c815101732ddeaf8b74414c7fb10f7c293a","type":"RT_BITMAP"},{"chi2":546.0458374023438,"entropy":7.057104587554932,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d71f271e5791ca65f64590014a923c3f8fe2cbb9d2a09f2b29c5993bdd20f267","type":"RT_BITMAP"},{"chi2":706.790771484375,"entropy":7.262923717498779,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"25813455f23fa9f6e67455c6200e60f2a77cbb1ab4942d10e2c8b23bd3cce524","type":"RT_BITMAP"},{"chi2":1136.930419921875,"entropy":7.108856201171875,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"b55d03c8cb7a130a2214b0b657dca1a75d697404460c4252b14d1f6ae0f7e2f5","type":"RT_BITMAP"},{"chi2":1074.41845703125,"entropy":6.765951633453369,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c4e25d95823aaf9c28c2bfd7a9e3e61983a636fdb339382c1448e58e7897b9dd","type":"RT_BITMAP"},{"chi2":1416.744140625,"entropy":6.576704978942871,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"5732e5e2f8cd0e9e9039fedcf430c3d1f29d01c6adabcabbe4d7f374ccc30030","type":"RT_BITMAP"},{"chi2":895.81396484375,"entropy":6.878451824188232,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"8c136a954979b7e25a375469dd885b9c709ef5b4db00e2803391c0a362c0ac7f","type":"RT_BITMAP"},{"chi2":1499.8306884765625,"entropy":7.68862247467041,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"5ece3595afbbe59aa52fb1d1512ac2ae79252aa44687b202e7ef0838a7feafd5","type":"RT_BITMAP"},{"chi2":339.1307678222656,"entropy":6.82283353805542,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"aec30446833cd2bb7f5e36c3de17f4a7ab5d30a6106985b6b711e279a93eec3d","type":"RT_BITMAP"},{"chi2":475.73724365234375,"entropy":7.076139450073242,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"b1e7c5fc974e57e291340ebd4e860888b3a7951054d4782d9c5e88e2a59e77dd","type":"RT_BITMAP"},{"chi2":1036.5924072265625,"entropy":7.412300109863281,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d3556b53cf333641256866ab0e8a88a3f4a02f0e4616cf2051a14056a24fb675","type":"RT_BITMAP"},{"chi2":430.02117919921875,"entropy":7.5765204429626465,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d6555c986a3a991b82fdb43c4f6a89fa6bbc4401ccbae8f956b6b8af6c64ec09","type":"RT_ICON"},{"chi2":338.8110656738281,"entropy":7.097600936889648,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"56b125efb3b5ffef2ff5316f6ca4f71896040550a0ac85bfe0a4b10e27074f09","type":"RT_ICON"},{"chi2":399208.53125,"entropy":5.561239719390869,"filetype":"Data","lang":"NEUTRAL","sha256":"1332a051df5da313ff15ddfa9a2896e1d117e1a69525bd52fbc498d07eca71c5","type":"RT_ICON"},{"chi2":286.66668701171875,"entropy":3.4182956218719482,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"ce458419570905afd00b5b04b349297e67af01bcf99291512ed24eed5f8dc490","type":"RT_MENU"},{"chi2":767.180419921875,"entropy":7.172008037567139,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"74bfa88f4e130c1a64cbdf166b309d82da6b25780fb31ec864b3dbe67dad59fb","type":"RT_MENU"},{"chi2":356.6313781738281,"entropy":6.4400715827941895,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"c7a363b7cdf8dabfdd68612434326c739528dad876b15ef935f6a4fbf8ec50c2","type":"RT_DIALOG"},{"chi2":529.512939453125,"entropy":7.0183234214782715,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"4062b870043e2bfd23f0da5f1b9877efe6dc6b99e73ae8b716a180607b4cbeb4","type":"RT_DIALOG"},{"chi2":503.6634216308594,"entropy":6.743902683258057,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"e05994cb1144ccd37266eb2964a99a00fc77645323ab92cb2a336dbc50b6a6b8","type":"RT_DIALOG"},{"chi2":479.2997131347656,"entropy":6.662327766418457,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"2f86795effa7b482074b782dfb32bf8fafc372d437f8051b24cb25002bcfb344","type":"RT_DIALOG"},{"chi2":1701.1810302734375,"entropy":7.471444606781006,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"17a31e4e18afad4f135a30d5a555dabad202de6c547871731603e66d3112c24a","type":"RT_DIALOG"},{"chi2":469.19091796875,"entropy":6.4334635734558105,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"a0b750ce4ad0a12c7e42d7307353b4743a0f1c434a35f92b3279528d61348a7e","type":"RT_DIALOG"},{"chi2":674.4307861328125,"entropy":6.426914215087891,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"9d3b8c5dd9fdc2be650c0b58900117ef0b0edd3619d08a1b1d0c21fb9926728d","type":"RT_DIALOG"},{"chi2":469.1908874511719,"entropy":6.45845365524292,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"519207d44f900896b7c9e4e7056b84bb86f2cb7d2148e361252c336df98b5250","type":"RT_DIALOG"},{"chi2":560.12451171875,"entropy":6.625264644622803,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"b0b8cca468589f2a602028f39fb1319058c87dd76530d59281108868c4b2edd2","type":"RT_DIALOG"},{"chi2":369.4137268066406,"entropy":7.27430534362793,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"3eed5bb5a16544b15abe02befe9d1f47dfbb5fdddf258519ffe58e9b86ecc23d","type":"RT_DIALOG"},{"chi2":297.6000671386719,"entropy":5.893622398376465,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"4d37c4f31e611635b0c1745bab8ef5b782e1c91e2a03a55b732bffa8e21eedff","type":"RT_STRING"},{"chi2":258.5453796386719,"entropy":5.277613162994385,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"94c17b229432988c827d4f61bb3fd13270805b444438b1dd41595adec02b0507","type":"RT_STRING"},{"chi2":507.19989013671875,"entropy":5.941490173339844,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"74d3bd894203af18dffdd6dbdce14b3a2da50a8dfe05d669cfe82e453b9c86a0","type":"RT_STRING"},{"chi2":1252.778564453125,"entropy":6.864519119262695,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"84273c495c2fe3b295b4e7a1ae791638f9c399ea791c1e6ce7b56e466b64d70b","type":"RT_STRING"},{"chi2":990.5908203125,"entropy":6.5525689125061035,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"df993a1c163e34c3ca6fcf5617eb3813a71313d607e428a9c33566b618c5170d","type":"RT_STRING"},{"chi2":933.5833129882812,"entropy":6.763321399688721,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"772aed01a0ed11fc3bf1a0a49e66e12892c72e06b3753942edce76eed8110830","type":"RT_STRING"},{"chi2":376,"entropy":5.4410247802734375,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"1726c5089aa9d51fe5d6c2715b6e8e49c09263164071f96626eabc0722e97d2c","type":"RT_STRING"},{"chi2":278.87994384765625,"entropy":6.201212406158447,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"aa9c257ac5bc99c5ced530864c48ea7f6d8acae2fde68d0d326a692c0fb26f81","type":"RT_STRING"},{"chi2":368.67803955078125,"entropy":7.4059600830078125,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"d487fb22ae021091bcb80bcd0086b00250745fcadd6b33c47969e0bc607931ef","type":"RT_STRING"},{"chi2":345.44970703125,"entropy":7.043664932250977,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"9cd6ee322087f7b271d028d5c7ad2c8916c0be6f85e2ac38ee1dc7067cab8966","type":"RT_STRING"},{"chi2":220.00009155273438,"entropy":5.169925212860107,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"682a72e7d2e9c6b5af34a69bcb0a45142830f98f456f741333ec88f7e74fccc9","type":"RT_STRING"},{"chi2":312.79998779296875,"entropy":4.021928310394287,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"59c554a783fff47bb1f57558255457667c19aea260ef6295a72c87644914d132","type":"RT_GROUP_CURSOR"},{"chi2":261.60003662109375,"entropy":4.221928119659424,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"07b9e565801c50a11079f23ed9e102673e6d8daa8b32e2b971c39444813696b2","type":"RT_GROUP_CURSOR"},{"chi2":312.3531188964844,"entropy":4.771141052246094,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"514ace2966dbed3305d958724796e3020c30284eaecf31782390cdd8a9c7c06c","type":"RT_GROUP_CURSOR"},{"chi2":1746.400146484375,"entropy":2.081496477127075,"filetype":"ASCII text","lang":"NEUTRAL","sha256":"28d38d528e682cb6a7330cc38828a3d79c559433b55829c017f7aaa73ba9ed8a","type":"RT_GROUP_ICON"},{"chi2":236.0000457763672,"entropy":4.321928024291992,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"6a2c9ef6ea5acf7929c3627b6529e3e8a0058427b872797a43f464661fa19b3e","type":"RT_GROUP_ICON"},{"chi2":236.0000457763672,"entropy":4.321928024291992,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"5b788d7c84dc82a01e89a278312c93471bed748132d9adbeba3b217f1f86df2f","type":"RT_GROUP_ICON"},{"chi2":42276.51171875,"entropy":3.7713489532470703,"filetype":"Data","lang":"CHINESE SIMPLIFIED","sha256":"f6900b350031520e148120024a25b4cd6eaf02d47f73d9b8efc5b2b6911a9576","type":"RT_VERSION"},{"chi2":6778.419921875,"entropy":5.02094030380249,"filetype":"application/xml","lang":"NEUTRAL","sha256":"70b7f6ec24cf159809467626ceade9ba45e1c46660c86257e85db8caa6b1926b","type":"RT_MANIFEST"}],"resource_langs":{"CHINESE SIMPLIFIED":52,"NEUTRAL":3},"resource_types":{"RT_BITMAP":14,"RT_CURSOR":4,"RT_DIALOG":10,"RT_GROUP_CURSOR":3,"RT_GROUP_ICON":3,"RT_ICON":3,"RT_MANIFEST":1,"RT_MENU":2,"RT_STRING":11,"RT_VERSION":1,"TEXTINCLUDE":3},"rich_pe_header_hash":"677b4e2ecbe73ad25716185106f562b2","sections":[{"chi2":-1,"entropy":0,"flags":"rwx","md5":"d41d8cd98f00b204e9800998ecf8427e","name":"UPX0","raw_size":0,"virtual_address":4096,"virtual_size":5402624},{"chi2":430144.88,"entropy":7.94,"flags":"rwx","md5":"ccc4f5ef1c86ef3ffb4d4510fac2bc53","name":"UPX1","raw_size":3685888,"virtual_address":5406720,"virtual_size":3686400},{"chi2":640376.75,"entropy":5.43,"flags":"rw","md5":"e1cb333fd88510364f4fa95a02361857","name":".rsrc","raw_size":22528,"virtual_address":9093120,"virtual_size":24576}],"timestamp":1507318527},"reputation":0,"sha1":"1c0b829c02a18ecdf0c53e74ae8c54560e0349e1","sha256":"41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c","signature_info":{"comments":"Ftp系统核心服务","copyright":"Windows系统Ftp核心服务 版权所有","description":"Ftp系统核心服务","file version":"2.1.2.1","product":"Ftp系统核心服务"},"size":3709440,"ssdeep":"98304:mQj2AJDOBAd9DyOXdSyt28mBivS4y6g4ue/3PJk7:mSJqBAdNXoyt28045g4ZW7","tags":["peexe","invalid-rich-pe-linker-version","upx"],"times_submitted":1,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"UPX compressed Win32 Executable","probability":27},{"file_type":"Win32 EXE Yoda's Crypter","probability":26.5},{"file_type":"Win16 NE executable (generic)","probability":14},{"file_type":"Windows screen saver","probability":13.1},{"file_type":"Win32 Dynamic Link Library (generic)","probability":6.5}],"type_description":"Win32 EXE","type_tag":"peexe","unique_sources":1,"vhash":"03603e0f7d50101011z11z67z1015z1011z11z101017z"},"context_attributes":{"match_in_subfile":true,"notification_date":1601706183,"notification_id":"1595272637191943-6114383222276096-d538dea08c43824a7852d096431d1109","notification_snippet":"56 04 57 8B 5D 10 8B C2 C1 E8 05 8B FA C1 E7 04 V.W.]...........\n33 C7 8B 7D 0C 83 E7 03 8B 3C BB *begin_highlight*03 7D 0C 81 6D*end_highlight* 3..}.....\u003c.*begin_highlight*.}..m*end_highlight*\n*begin_highlight*0C 47 86 C8 61 *end_highlight*03 C2 33 C7 03 C8 8B C1 C1 E8 05 *begin_highlight*.G..a*end_highlight*..3........","notification_source_country":null,"notification_source_key":null,"notification_tags":["41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c","exploit_kits","angler_shellcode_xtea_subdelta"],"rule_name":"Angler_Shellcode_XTEA_subDelta","rule_tags":[],"ruleset_id":"6114383222276096","ruleset_name":"Exploit_Kits"},"id":"41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c","links":{"self":"https://www.virustotal.com/api/v3/files/41a8d0147aed5f6662056b13f9ebd885c69f075337e3f95bf7640f356c30c46c"},"type":"file"} +{"attributes":{"androguard":{"AndroguardVersion":"3.0-dev","AndroidApplication":7,"AndroidApplicationError":false,"AndroidApplicationInfo":"ELF","VTAndroidInfo":1.41},"capabilities_tags":["ldpreload"],"crowdsourced_yara_results":[{"description":"Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client","rule_name":"APT_APT28_drovorub_library_and_unique_strings","ruleset_id":"00003e5371","ruleset_name":"apt_apt28_drovorub","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"elf_info":{"export_list":[{"name":"dal_PopParcelIDStack","type":"FUNC"},{"name":"_ZN27CancledDownloadNotificationD2Ev","type":"FUNC"},{"name":"_ZN4Poco3URIaSEPKc","type":"FUNC"},{"name":"_ZNSt6vectorIN3DAL9DrawParam13DrawParameter14KindLineStyleTESaIS3_EEC2ERKS5_","type":"FUNC"},{"name":"PKCS5_PBKDF2_HMAC","type":"FUNC"},{"name":"_ZN4Poco4JSON6Parser11_asciiClassE","type":"OBJECT"},{"name":"_ZN4Poco3Net18HTTPSClientSessionC2ERKSst","type":"FUNC"},{"name":"_ZN2MP17CrossroadsMapView4drawERN3GRL8RendererE","type":"FUNC"},{"name":"_ZN4Poco8DelegateINS_11LRUStrategyISsN10InquiryPoi10ResultDataEEENS_9ValidArgsISsEELb1EED2Ev","type":"FUNC"},{"name":"OTHERNAME_free","type":"FUNC"},{"name":"Trip_iCollectRecoveryRegionLink","type":"FUNC"},{"name":"_ZTINSt3tr121_Sp_counted_base_implIPSt3mapIi15ZRegionMngTbl_tSt4lessIiESaISt4pairIKiS2_EEENS_11_Sp_d","type":"OBJECT"},{"name":"EVP_PKEY_paramgen","type":"FUNC"},{"name":"DAL_DirectionGuideData_GetNextGuidePointData","type":"FUNC"},{"name":"_ZN4Poco4Util24InvalidArgumentExceptionC2ERKSsRKNS_9ExceptionEi","type":"FUNC"},{"name":"ssl23_default_timeout","type":"FUNC"},{"name":"_ZN4Poco3XML12ParserEngine9readCharsERSiPci","type":"FUNC"},{"name":"_ZTVN9jniHelper13jvm_exceptionE","type":"OBJECT"},{"name":"_ZN4Poco4JSON13JSONExceptionD1Ev","type":"FUNC"},{"name":"_ZNK4Poco9SharedPtrINS_4JSON5ArrayENS_16ReferenceCounterENS_13ReleasePolicyIS2_EEE5derefEv","type":"FUNC"},{"name":"JNI_NE_GetDriveContentsHospital","type":"FUNC"},{"name":"_ZN4Poco15DefaultStrategyINS_9ValidArgsISsEENS_16AbstractDelegateIS2_EEE5clearEv","type":"FUNC"},{"name":"g_stViaApproachJudgeDist","type":"OBJECT"},{"name":"_ZN4Poco3XML4NameC1ERKSsS3_","type":"FUNC"},{"name":"_ZN15DALMapResources23getParcelMngDataCommandE","type":"OBJECT"},{"name":"_ZN3GRL5splitESsRKSs","type":"FUNC"},{"name":"JNI_VP_SetAcceleroSensorData","type":"FUNC"},{"name":"os_iMbxAdr","type":"FUNC"},{"name":"PKCS7_dataVerify","type":"FUNC"},{"name":"_ZN4Poco3Net18SecureStreamSocket16setLazyHandshakeEb","type":"FUNC"},{"name":"_ZTIN4Poco18ActiveResultHolderINS_4VoidEEE","type":"OBJECT"},{"name":"_ZN2MP13MyPosIconInfo35getCurrentPositionAnimateGuidePointEfRNS_17LocationWithAngleE","type":"FUNC"},{"name":"MP_SetVehicleTrackParam","type":"FUNC"},{"name":"POI_Route_SetParam","type":"FUNC"},{"name":"MP_GetAddressString","type":"FUNC"},{"name":"_ZN4Poco13FastMutexImplD2Ev","type":"FUNC"},{"name":"_ZN4Poco10ThreadImpl10ThreadDataD1Ev","type":"FUNC"},{"name":"_ZNSt3tr121_Sp_counted_base_implIPN10InquiryPoi15PoiStreetParserENS_11_Sp_deleterIS2_EELN9__gnu_cxx1","type":"FUNC"},{"name":"classRPPacket01_t","type":"OBJECT"},{"name":"_ZN4Poco11FileChannel8setFlushERKSs","type":"FUNC"},{"name":"sqlite3_uri_boolean","type":"FUNC"},{"name":"CT_POIEntrance_GetRecList","type":"FUNC"},{"name":"ENGINE_get_name","type":"FUNC"},{"name":"_ZN4Poco3URI17removeDotSegmentsEb","type":"FUNC"},{"name":"_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EEaSERKS8_","type":"FUNC"},{"name":"_ZN4Poco8DateTime11toJulianDayEiiiiiiii","type":"FUNC"},{"name":"_ZNSt6vectorIN4Poco17RegularExpression5MatchESaIS2_EE7reserveEj","type":"FUNC"},{"name":"sqlite3_db_config","type":"FUNC"},{"name":"_ZN4Poco4Task3runEv","type":"FUNC"},{"name":"ENGINE_register_DH","type":"FUNC"},{"name":"_ZN4Poco8ObserverIN12mapdl_hybrid21MapDownloadControllerENS_22TaskFailedNotificationEED0Ev","type":"FUNC"},{"name":"_ZN4Poco3Net10SocketImpl12setKeepAliveEb","type":"FUNC"},{"name":"RP_vGetStartLinkIsExpressFlagToProcMngRec","type":"FUNC"},{"name":"DAL_ZDAL_UnOpeningRoadArray_PushBack","type":"FUNC"},{"name":"_ZN14DAL_Downloader27createNWMngDataFileFullPathEv","type":"FUNC"},{"name":"_ZN39SQLiteNWDownloadFailedRegionIDCollecter8IteratorD2Ev","type":"FUNC"},{"name":"_ZN8picojson13_parse_stringIPcEEbRNS_5valueERNS_5inputIT_EE","type":"FUNC"},{"name":"CMN_sin","type":"FUNC"},{"name":"Trip_iGetNodeCoordinates","type":"FUNC"},{"name":"_ZN4Poco3XML17DOMImplementation17FEATURE_TRAVERSALE","type":"OBJECT"},{"name":"Lib_calcRectSquare","type":"FUNC"},{"name":"interpolationList_InitByBuffer","type":"FUNC"},{"name":"RS_iDeleteRerouteData","type":"FUNC"},{"name":"_ZN4Poco3Net13ICMPExceptionC2ERKS1_","type":"FUNC"},{"name":"DAL_LinkArrayData_GetDiffLinkID","type":"FUNC"},{"name":"_ZTSN4Poco28LineEndingConverterStreamBufE","type":"OBJECT"},{"name":"_IsConnected","type":"FUNC"},{"name":"_ZNK4Poco4Util24MissingArgumentException4nameEv","type":"FUNC"},{"name":"NE_POIZip_Clear","type":"FUNC"},{"name":"DB_Open","type":"FUNC"}],"header":{"abi_version":0,"class":"ELF32","data":"2's complement, little endian","entrypoint":2066944,"hdr_version":"1 (current)","machine":"ARM","num_prog_headers":6,"num_section_headers":21,"obj_version":"0x1","os_abi":"UNIX - System V","type":"DYN (Shared object file)"},"import_list":[{"name":"epoll_ctl","type":"FUNC"},{"name":"_ZNSs7replaceEN9__gnu_cxx17__normal_iteratorIPcSsEES2_PKcS4_","type":"FUNC"},{"name":"pthread_cond_signal","type":"FUNC"},{"name":"glDrawArrays","type":"FUNC"},{"name":"_toupper_tab_","type":"OBJECT"},{"name":"_ZNSiD2Ev","type":"FUNC"},{"name":"pthread_attr_setschedpolicy","type":"FUNC"},{"name":"_ZStrsIcSt11char_traitsIcEERSt13basic_istreamIT_T0_ES6_RS3_","type":"FUNC"},{"name":"_ZNSdD1Ev","type":"FUNC"},{"name":"tempnam","type":"FUNC"},{"name":"strncasecmp","type":"FUNC"},{"name":"__errno","type":"FUNC"},{"name":"_ZTv0_n12_NSoD1Ev","type":"FUNC"},{"name":"_ZTVSt15basic_streambufIcSt11char_traitsIcEE","type":"OBJECT"},{"name":"_ZTISi","type":"OBJECT"},{"name":"fgetpos","type":"FUNC"},{"name":"_ZNSs9push_backEc","type":"FUNC"},{"name":"glBindBuffer","type":"FUNC"},{"name":"_ZNSs6resizeEjc","type":"FUNC"},{"name":"connect","type":"FUNC"},{"name":"strncpy","type":"FUNC"},{"name":"_ZTVSt14basic_ofstreamIcSt11char_traitsIcEE","type":"OBJECT"},{"name":"_ZNSs13_S_copy_charsEPcN9__gnu_cxx17__normal_iteratorIPKcSsEES4_","type":"FUNC"},{"name":"glFramebufferTexture2D","type":"FUNC"},{"name":"_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c","type":"FUNC"},{"name":"ftell","type":"FUNC"},{"name":"strlen","type":"FUNC"},{"name":"select","type":"FUNC"},{"name":"printf","type":"FUNC"},{"name":"strdup","type":"FUNC"},{"name":"__cxa_pure_virtual","type":"FUNC"},{"name":"_ZNSolsEs","type":"FUNC"},{"name":"_ZNSs4swapERSs","type":"FUNC"},{"name":"_ZNSt15basic_streambufIcSt11char_traitsIcEED2Ev","type":"FUNC"},{"name":"_ZNSoD1Ev","type":"FUNC"},{"name":"_ZNSs6assignERKSs","type":"FUNC"},{"name":"_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE","type":"OBJECT"},{"name":"_ZNKSs7compareEjjRKSs","type":"FUNC"},{"name":"glEnableVertexAttribArray","type":"FUNC"},{"name":"gmtime_r","type":"FUNC"},{"name":"modf","type":"FUNC"},{"name":"_ZNSt6localeD1Ev","type":"FUNC"},{"name":"free","type":"FUNC"},{"name":"_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev","type":"FUNC"},{"name":"_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode","type":"FUNC"},{"name":"abort","type":"FUNC"},{"name":"atan2","type":"FUNC"},{"name":"memmove","type":"FUNC"},{"name":"glDeleteFramebuffers","type":"FUNC"},{"name":"gettid","type":"FUNC"},{"name":"glClear","type":"FUNC"},{"name":"glDisable","type":"FUNC"},{"name":"_ZNSt12out_of_rangeD1Ev","type":"FUNC"},{"name":"sigsetjmp","type":"FUNC"},{"name":"freeaddrinfo","type":"FUNC"},{"name":"_ZTVSt9exception","type":"OBJECT"},{"name":"_ZTIh","type":"OBJECT"},{"name":"_ZTTSt19basic_istringstreamIcSt11char_traitsIcESaIcEE","type":"OBJECT"},{"name":"pthread_mutexattr_destroy","type":"FUNC"},{"name":"fork","type":"FUNC"},{"name":"_ZTVSt18basic_stringstreamIcSt11char_traitsIcESaIcEE","type":"OBJECT"},{"name":"sem_unlink","type":"FUNC"},{"name":"sched_get_priority_min","type":"FUNC"},{"name":"_ZNSt9basic_iosIcSt11char_traitsIcEE5imbueERKSt6locale","type":"FUNC"},{"name":"_ZNKSs5rfindEcj","type":"FUNC"},{"name":"_ZTIx","type":"OBJECT"},{"name":"uname","type":"FUNC"},{"name":"_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc","type":"FUNC"},{"name":"_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev","type":"FUNC"},{"name":"getservbyname","type":"FUNC"}],"section_list":[{"flags":"","name":"","phisical_offset":0,"section_type":"NULL","size":0,"virtual_address":0},{"flags":"A","name":".hash","phisical_offset":244,"section_type":"HASH","size":181388,"virtual_address":244},{"flags":"A","name":".dynsym","phisical_offset":181632,"section_type":"DYNSYM","size":462944,"virtual_address":181632},{"flags":"A","name":".dynstr","phisical_offset":644576,"section_type":"STRTAB","size":1204094,"virtual_address":644576},{"flags":"A","name":".rel.dyn","phisical_offset":1848672,"section_type":"REL","size":207600,"virtual_address":1848672},{"flags":"A","name":".rel.plt","phisical_offset":2056272,"section_type":"REL","size":4184,"virtual_address":2056272},{"flags":"AX","name":".plt","phisical_offset":2060456,"section_type":"PROGBITS","size":6480,"virtual_address":2060456},{"flags":"AX","name":".text","phisical_offset":2066944,"section_type":"PROGBITS","size":7066864,"virtual_address":2066944},{"flags":"A","name":".rodata","phisical_offset":9133808,"section_type":"PROGBITS","size":675920,"virtual_address":9133808},{"flags":"A","name":".ARM.extab","phisical_offset":9809728,"section_type":"PROGBITS","size":263848,"virtual_address":9809728},{"flags":"AL","name":".ARM.exidx","phisical_offset":10073576,"section_type":"ARM_EXIDX","size":120728,"virtual_address":10073576},{"flags":"WA","name":".init_array","phisical_offset":10225352,"section_type":"INIT_ARRAY","size":752,"virtual_address":10225352},{"flags":"WA","name":".fini_array","phisical_offset":10226104,"section_type":"FINI_ARRAY","size":12,"virtual_address":10226104},{"flags":"WA","name":".data.rel.ro","phisical_offset":10226120,"section_type":"PROGBITS","size":114312,"virtual_address":10226120},{"flags":"WA","name":".dynamic","phisical_offset":10340432,"section_type":"DYNAMIC","size":296,"virtual_address":10340432},{"flags":"WA","name":".got","phisical_offset":10340728,"section_type":"PROGBITS","size":13960,"virtual_address":10340728},{"flags":"WA","name":".data","phisical_offset":10354688,"section_type":"PROGBITS","size":120816,"virtual_address":10354688},{"flags":"WA","name":".bss","phisical_offset":10475504,"section_type":"NOBITS","size":1134068,"virtual_address":10475504},{"flags":"","name":".ARM.attributes","phisical_offset":10475504,"section_type":"ARM_ATTRIBUTES","size":51,"virtual_address":0},{"flags":"MS","name":".comment","phisical_offset":10475555,"section_type":"PROGBITS","size":83,"virtual_address":0},{"flags":"","name":".shstrtab","phisical_offset":10475638,"section_type":"STRTAB","size":174,"virtual_address":0}],"segment_list":[{"resources":[".ARM.exidx"],"segment_type":"ARM_EXIDX"},{"resources":[".hash",".dynsym",".dynstr",".rel.dyn",".rel.plt",".plt",".text",".rodata",".ARM.extab",".ARM.exidx"],"segment_type":"LOAD"},{"resources":[".init_array",".fini_array",".data.rel.ro",".dynamic",".got",".data",".bss"],"segment_type":"LOAD"},{"resources":[".dynamic"],"segment_type":"DYNAMIC"},{"resources":[],"segment_type":"GNU_STACK"},{"resources":[".init_array",".fini_array",".data.rel.ro",".dynamic",".got"],"segment_type":"GNU_RELRO"}],"shared_libraries":["libgnustl_shared.so","libdl.so","liblog.so","libz.so","libGLESv2.so","libGLESv1_CM.so","libjnigraphics.so","libstdc++.so","libm.so","libc.so"]},"exiftool":{"CPUArchitecture":"32 bit","CPUByteOrder":"Little endian","CPUType":"Unknown (40)","FileType":"ELF shared library","FileTypeExtension":"so","MIMEType":"application/octet-stream","ObjectFileType":"Shared object file"},"first_submission_date":1591778633,"last_analysis_date":1601723153,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"type-unsupported","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"type-unsupported","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"type-unsupported","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"undetected","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32863","method":"blacklist","result":null},"CrowdStrike":{"category":"type-unsupported","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"type-unsupported","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22091","method":"blacklist","result":null},"Elastic":{"category":"type-unsupported","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27210B:27.20386","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"type-unsupported","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"type-unsupported","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87150","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"type-unsupported","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"type-unsupported","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":0,"suspicious":0,"timeout":0,"type-unsupported":14,"undetected":60},"last_modification_date":1601723172,"last_submission_date":1591778633,"magic":"ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped","md5":"b275695cf7b42020d85ea37550ab5ef7","meaningful_name":"libNavi.so","names":["libNavi.so"],"reputation":0,"sha1":"f058ebb581f22882290b27725df94bb302b89504","sha256":"48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f","size":10476652,"ssdeep":"98304:TtL4ar5wuZNMvErMGrSFBFKkm4m9faPUOjung0SuOD8zVzzgH9GSLf1aNqnkHir5:14a2uQGg0Z3zwoSjGH023k","tags":["elf","shared-lib"],"telfhash":"t1e9442cb6383d4c07dcf31b657dfb2b09025a74967b75eda19eb0c6a8161084e31be84e","times_submitted":25,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"ELF Executable and Linkable format (generic)","probability":100}],"type_description":"ELF","type_tag":"elf","unique_sources":1,"vhash":"464e34041fe26316302d33b4d2d3aa78"},"context_attributes":{"match_in_subfile":false,"notification_date":1601726793,"notification_id":"1595667233448289-6083246976172032-eabf547c7efe828737dd26b5544b1421","notification_snippet":"65 72 76 65 72 57 72 61 70 70 65 72 43 31 45 76 erverWrapperC1Ev\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 69 6E 67 6C ._ZN4*begin_highlight*Poco*end_highlight*15Singl\n65 74 6F 6E 48 6F 6C 64 65 72 49 4E 31 35 63 65 etonHolderIN15ce\n44 61 74 61 44 6F 77 6E 6C 6F 61 64 43 6F 6E 74 DataDownloadCont\n72 6F 6C 6C 65 72 44 31 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* rollerD1Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*39 46 61 73 74 4D 75 74 65 78 44 31 45 *begin_highlight*oco*end_highlight*9FastMutexD1E\n6F 63 6F 39 46 61 73 74 4D 75 74 65 78 44 31 45 oco9FastMutexD1E\n76 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 30 53 63 6F 70 v._ZN4*begin_highlight*Poco*end_highlight*10Scop\n65 64 4C 6F 63 6B 49 4E 53 5F 39 46 61 73 74 4D edLockINS_9FastM\n65 64 4C 6F 63 6B 49 4E 53 5F 39 46 61 73 74 4D edLockINS_9FastM\n75 74 65 78 45 45 44 32 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* utexEED2Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 65 70 *begin_highlight*oco*end_highlight*15SystemExcep\n74 69 6F 6E 43 31 45 52 4B 53 73 69 00 5F 5A 4E tionC1ERKSsi._ZN\n34 *begin_highlight*50 6F 63 6F *end_highlight*38 42 75 67 63 68 65 63 6B 31 30 4*begin_highlight*Poco*end_highlight*8Bugcheck10\n75 6E 65 78 70 65 63 74 65 64 45 50 4B 63 69 00 unexpectedEPKci.\n75 6E 65 78 70 65 63 74 65 64 45 50 4B 63 69 00 unexpectedEPKci.\n5F 5A 54 49 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 _ZTIN4*begin_highlight*Poco*end_highlight*15Syst\n65 6D 45 78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E emExceptionE._ZN\n65 6D 45 78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E emExceptionE._ZN\n34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 4*begin_highlight*Poco*end_highlight*15SystemExc\n65 70 74 69 6F 6E 44 31 45 76 00 5F 5A 4E 31 35 eptionD1Ev._ZN15\n43 6F 6E 6E 65 63 74 5F 4C 69 73 74 65 6E 65 72 Connect_Listener\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*39 46 61 73 74 4D 75 ._ZN4*begin_highlight*Poco*end_highlight*9FastMu\n74 65 78 43 31 45 76 00 5F 5A 4E 31 35 63 65 72 texC1Ev._ZN15cer\n64 43 6F 6E 74 72 6F 6C 6C 65 72 43 31 45 76 00 dControllerC1Ev.\n5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 30 53 63 6F 70 65 64 _ZN4*begin_highlight*Poco*end_highlight*10Scoped\n4C 6F 63 6B 49 4E 53 5F 39 46 61 73 74 4D 75 74 LockINS_9FastMut\n6C 65 72 38 69 6E 73 74 61 6E 63 65 45 76 45 32 ler8instanceEvE2\n73 68 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 69 6E sh._ZN4*begin_highlight*Poco*end_highlight*15Sin\n67 6C 65 74 6F 6E 48 6F 6C 64 65 72 49 4E 31 35 gletonHolderIN15\n\n...","notification_source_country":null,"notification_source_key":null,"notification_tags":["drovorub_malware","48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f","drovorub_library_and_unique_strings"],"rule_name":"drovorub_library_and_unique_strings","rule_tags":[],"ruleset_id":"6083246976172032","ruleset_name":"Drovorub malware"},"id":"48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f","links":{"self":"https://www.virustotal.com/api/v3/files/48505c956c005576b1292495102a5a4d37a830dc936ce85204d2783e13082c1f"},"type":"file"} +{"attributes":{"androguard":{"AndroguardVersion":"3.0-dev","AndroidApplication":7,"AndroidApplicationError":false,"AndroidApplicationInfo":"ELF","VTAndroidInfo":1.41},"capabilities_tags":["ldpreload"],"crowdsourced_yara_results":[{"description":"Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client","rule_name":"APT_APT28_drovorub_library_and_unique_strings","ruleset_id":"00003e5371","ruleset_name":"apt_apt28_drovorub","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"elf_info":{"export_list":[{"name":"__aeabi_unwind_cpp_pr1","type":"FUNC"},{"name":"__aeabi_unwind_cpp_pr0","type":"FUNC"},{"name":"JNI_GL_Reset","type":"FUNC"},{"name":"CT_CtrGLResourceClear","type":"FUNC"},{"name":"_ZN7_JNIEnv9NewObjectEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv16CallObjectMethodEP8_jobjectP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv20CallStaticVoidMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_Z21registerNativeMethodsP7_JNIEnvPKcPK15JNINativeMethodi","type":"FUNC"},{"name":"JNI_OnLoad","type":"FUNC"},{"name":"gJavaVM","type":"OBJECT"},{"name":"UI_DrawMagName","type":"FUNC"},{"name":"_Z19JNI_stdTime_tToDateP7_JNIEnvl","type":"FUNC"},{"name":"_Z31JNI_dataDownloadStatusCppToJavaP7_JNIEnvPv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus6getUrlEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus22getConnectionStartTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus20getConnectionEndTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus13getHttpStatusEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus16getContentLengthEv","type":"FUNC"},{"name":"SendMessageToJavaUI","type":"FUNC"},{"name":"ConvUtf8ToSjis","type":"FUNC"},{"name":"ShiftJisToUtf8","type":"FUNC"},{"name":"_Z19Lib_JISStrToUTF8StrPcS_ii","type":"FUNC"},{"name":"JNI_Java_GetTrafficInformation","type":"FUNC"},{"name":"JNI_Java_CopyTrafficInformation","type":"FUNC"},{"name":"JNI_Java_GetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetConnectionErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetGetPWDataFlag","type":"FUNC"},{"name":"JNI_Java_tmcPlg_updateCallback","type":"FUNC"},{"name":"JNI_NE_POI_Facility_SearchRefine","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefuctureRecListCount","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefectureRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_Cancel","type":"FUNC"},{"name":"JNI_NE_POIArnd_SetDistance","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList_ShortCut","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecCount","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetNextTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNextList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetPrevTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchPrevList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_CancelQuery","type":"FUNC"},{"name":"JNI_NE_GetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_SetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_GetMapCenter","type":"FUNC"},{"name":"JNI_LIB_dtmConvByDegree","type":"FUNC"},{"name":"JNI_NE_GetMapLevel","type":"FUNC"},{"name":"JNI_NE_GetMapLevelScale","type":"FUNC"},{"name":"JNI_CT_GetMapPosition","type":"FUNC"},{"name":"JNI_CT_GetReqMapPosition","type":"FUNC"},{"name":"JNI_NE_CalcAppLevelScale","type":"FUNC"},{"name":"JNI_NE_CalcScale","type":"FUNC"},{"name":"JNI_NE_ExposeMap","type":"FUNC"},{"name":"JNI_NE_GetAddressString","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRect","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRect","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetAddressCode","type":"FUNC"},{"name":"JNI_NE_GetAreaCode","type":"FUNC"},{"name":"JNI_NE_GetMyPosi","type":"FUNC"},{"name":"JNI_NE_AjustMyPosi","type":"FUNC"},{"name":"JNI_NE_GetNaviMode","type":"FUNC"},{"name":"JNI_NE_SetNaviMode","type":"FUNC"},{"name":"JNI_NE_ActivateControl","type":"FUNC"},{"name":"JNI_CT_UIC_RouteFailerProc","type":"FUNC"},{"name":"JNI_ct_uic_UserScroll","type":"FUNC"}],"header":{"abi_version":0,"class":"ELF32","data":"2's complement, little endian","entrypoint":0,"hdr_version":"1 (current)","machine":"ARM","num_prog_headers":7,"num_section_headers":23,"obj_version":"0x1","os_abi":"UNIX - System V","type":"DYN (Shared object file)"},"import_list":[{"name":"__cxa_finalize","type":"FUNC"},{"name":"__cxa_atexit","type":"FUNC"},{"name":"pthread_mutex_destroy","type":"FUNC"},{"name":"pthread_mutexattr_init","type":"FUNC"},{"name":"pthread_mutexattr_settype","type":"FUNC"},{"name":"pthread_mutex_init","type":"FUNC"},{"name":"pthread_mutexattr_destroy","type":"FUNC"},{"name":"__android_log_print","type":"FUNC"},{"name":"pthread_mutex_lock","type":"FUNC"},{"name":"pthread_mutex_unlock","type":"FUNC"},{"name":"__gxx_personality_v0","type":"FUNC"},{"name":"_ZNSsD1Ev","type":"FUNC"},{"name":"__cxa_end_cleanup","type":"FUNC"},{"name":"_Znaj","type":"FUNC"},{"name":"memcpy","type":"FUNC"},{"name":"strcpy","type":"FUNC"},{"name":"_ZNSt8ios_base4InitC1Ev","type":"FUNC"},{"name":"__aeabi_atexit","type":"FUNC"},{"name":"_ZNSt8ios_base4InitD1Ev","type":"FUNC"},{"name":"strlen","type":"FUNC"},{"name":"__stack_chk_fail","type":"FUNC"},{"name":"__stack_chk_guard","type":"OBJECT"},{"name":"_ZdaPv","type":"FUNC"},{"name":"memset","type":"FUNC"},{"name":"malloc","type":"FUNC"},{"name":"free","type":"FUNC"},{"name":"sprintf","type":"FUNC"},{"name":"_Znwj","type":"FUNC"},{"name":"_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base","type":"FUNC"},{"name":"_ZdlPv","type":"FUNC"},{"name":"_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base9_M_unhookEv","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base7_M_hookEPS0_","type":"FUNC"},{"name":"_ZNSs4_Rep20_S_empty_rep_storageE","type":"OBJECT"},{"name":"_ZNSsC1EPKcRKSaIcE","type":"FUNC"},{"name":"_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_guard_acquire","type":"FUNC"},{"name":"__cxa_guard_release","type":"FUNC"},{"name":"__cxa_guard_abort","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_pure_virtual","type":"FUNC"},{"name":"_ZTVN10__cxxabiv117__class_type_infoE","type":"OBJECT"},{"name":"_ZTVN10__cxxabiv120__si_class_type_infoE","type":"OBJECT"},{"name":"sin","type":"FUNC"},{"name":"cos","type":"FUNC"},{"name":"atan2","type":"FUNC"},{"name":"sqrt","type":"FUNC"},{"name":"acos","type":"FUNC"},{"name":"strncpy","type":"FUNC"},{"name":"unlink","type":"FUNC"},{"name":"mkdir","type":"FUNC"},{"name":"rmdir","type":"FUNC"},{"name":"memmove","type":"FUNC"},{"name":"sleep","type":"FUNC"},{"name":"pthread_cond_wait","type":"FUNC"},{"name":"usleep","type":"FUNC"},{"name":"strcat","type":"FUNC"},{"name":"strcmp","type":"FUNC"},{"name":"open","type":"FUNC"},{"name":"write","type":"FUNC"},{"name":"close","type":"FUNC"},{"name":"read","type":"FUNC"},{"name":"fstat","type":"FUNC"},{"name":"rename","type":"FUNC"},{"name":"time","type":"FUNC"},{"name":"localtime","type":"FUNC"},{"name":"strftime","type":"FUNC"},{"name":"pthread_cond_init","type":"FUNC"},{"name":"pthread_create","type":"FUNC"}],"section_list":[{"flags":"","name":"","phisical_offset":0,"section_type":"NULL","size":0,"virtual_address":0},{"flags":"A","name":".dynsym","phisical_offset":276,"section_type":"DYNSYM","size":478736,"virtual_address":276},{"flags":"A","name":".dynstr","phisical_offset":479012,"section_type":"STRTAB","size":1253870,"virtual_address":479012},{"flags":"A","name":".hash","phisical_offset":1732884,"section_type":"HASH","size":185336,"virtual_address":1732884},{"flags":"A","name":".rel.dyn","phisical_offset":1918220,"section_type":"REL","size":206304,"virtual_address":1918220},{"flags":"A","name":".rel.plt","phisical_offset":2124524,"section_type":"REL","size":4168,"virtual_address":2124524},{"flags":"AX","name":".plt","phisical_offset":2128692,"section_type":"PROGBITS","size":6272,"virtual_address":2128692},{"flags":"AX","name":".text","phisical_offset":2134976,"section_type":"PROGBITS","size":6684192,"virtual_address":2134976},{"flags":"A","name":".ARM.extab","phisical_offset":8819168,"section_type":"PROGBITS","size":258404,"virtual_address":8819168},{"flags":"AL","name":".ARM.exidx","phisical_offset":9077572,"section_type":"ARM_EXIDX","size":160840,"virtual_address":9077572},{"flags":"A","name":".rodata","phisical_offset":9238416,"section_type":"PROGBITS","size":649828,"virtual_address":9238416},{"flags":"WA","name":".data.rel.ro.local","phisical_offset":9889968,"section_type":"PROGBITS","size":44884,"virtual_address":9894064},{"flags":"WA","name":".fini_array","phisical_offset":9934852,"section_type":"FINI_ARRAY","size":8,"virtual_address":9938948},{"flags":"WA","name":".init_array","phisical_offset":9934860,"section_type":"INIT_ARRAY","size":788,"virtual_address":9938956},{"flags":"WA","name":".data.rel.ro","phisical_offset":9935648,"section_type":"PROGBITS","size":68816,"virtual_address":9939744},{"flags":"WA","name":".dynamic","phisical_offset":10004464,"section_type":"DYNAMIC","size":296,"virtual_address":10008560},{"flags":"WA","name":".got","phisical_offset":10004760,"section_type":"PROGBITS","size":14056,"virtual_address":10008856},{"flags":"WA","name":".data","phisical_offset":10018816,"section_type":"PROGBITS","size":120300,"virtual_address":10022912},{"flags":"WA","name":".bss","phisical_offset":10139116,"section_type":"NOBITS","size":1149410,"virtual_address":10143216},{"flags":"MS","name":".comment","phisical_offset":10139116,"section_type":"PROGBITS","size":38,"virtual_address":0},{"flags":"","name":".note.gnu.gold-version","phisical_offset":10139156,"section_type":"NOTE","size":28,"virtual_address":0},{"flags":"","name":".ARM.attributes","phisical_offset":10139184,"section_type":"ARM_ATTRIBUTES","size":52,"virtual_address":0},{"flags":"","name":".shstrtab","phisical_offset":10139236,"section_type":"STRTAB","size":216,"virtual_address":0}],"segment_list":[{"resources":[],"segment_type":"PHDR"},{"resources":[".dynsym",".dynstr",".hash",".rel.dyn",".rel.plt",".plt",".text",".ARM.extab",".ARM.exidx",".rodata"],"segment_type":"LOAD"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got",".data",".bss"],"segment_type":"LOAD"},{"resources":[".dynamic"],"segment_type":"DYNAMIC"},{"resources":[],"segment_type":"GNU_STACK"},{"resources":[".ARM.exidx"],"segment_type":"ARM_EXIDX"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got"],"segment_type":"GNU_RELRO"}],"shared_libraries":["libgnustl_shared.so","libdl.so","liblog.so","libz.so","libGLESv2.so","libGLESv1_CM.so","libjnigraphics.so","libstdc++.so","libm.so","libc.so"]},"exiftool":{"CPUArchitecture":"32 bit","CPUByteOrder":"Little endian","CPUType":"Unknown (40)","FileType":"ELF shared library","FileTypeExtension":"so","MIMEType":"application/octet-stream","ObjectFileType":"Shared object file"},"first_submission_date":1590716559,"last_analysis_date":1601686635,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201002","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"type-unsupported","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201002","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"type-unsupported","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201002","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201002","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201002","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"type-unsupported","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201002","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201002","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201002","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"undetected","engine_name":"Avast-Mobile","engine_update":"20201002","engine_version":"201002-02","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201002","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201002","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201002","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201001","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201002","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"failure","engine_name":"Comodo","engine_update":"20201002","engine_version":null,"method":"blacklist","result":null},"CrowdStrike":{"category":"type-unsupported","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"type-unsupported","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201002","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201002","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201002","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201002","engine_version":"22089","method":"blacklist","result":null},"Elastic":{"category":"type-unsupported","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201002","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201002","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"undetected","engine_name":"FireEye","engine_update":"20201002","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201002","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201002","engine_version":"A:25.27207B:27.20380","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201002","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201002","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201002","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201002","engine_version":"11.142.35348","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201002","engine_version":"11.142.35349","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201002","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201002","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201002","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201002","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201002","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201002","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201002","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"type-unsupported","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201002","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201002","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"type-unsupported","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201002","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201002","engine_version":"2020-10-02.02","method":"blacklist","result":null},"TotalDefense":{"category":"undetected","engine_name":"TotalDefense","engine_update":"20201002","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201002","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201002","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201002","engine_version":"87136","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"type-unsupported","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201002","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"type-unsupported","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":1,"harmless":0,"malicious":0,"suspicious":0,"timeout":0,"type-unsupported":14,"undetected":59},"last_modification_date":1601686690,"last_submission_date":1590716559,"magic":"ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped","md5":"43d2850e1b83864b0d8c39dab5c4277e","meaningful_name":"libNavi.so","names":["libNavi.so"],"reputation":0,"sha1":"56c36bfd4bbb1e3084e8e87657f02dbc4ba87755","sha256":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","size":10140372,"ssdeep":"98304:r9c75xJTNuqswu802WPrPDFVYea4cidBpIsPRebD3eKcgogK:r675vNuqswu8CrbYexdLIJ3Q1","tags":["elf","shared-lib"],"telfhash":"t15344fbba383d4c17dcf31b657dfb2b0d025a74967b75dd919eb0c2a8161088e317a88e","times_submitted":17,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"ELF Executable and Linkable format (generic)","probability":100}],"type_description":"ELF","type_tag":"elf","unique_sources":1,"vhash":"7e87ba19547734eb641bada795c98bda"},"context_attributes":{"match_in_subfile":false,"notification_date":1601690342,"notification_id":"1594819139452867-6083246976172032-eabf547c7efe828737dd26b5544b1421","notification_snippet":"54 55 53 45 52 4E 53 5F 36 64 6C 49 6E 66 6F 45 TUSERNS_6dlInfoE\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 ._ZN4*begin_highlight*Poco*end_highlight*15Syste\n6D 45 78 63 65 70 74 69 6F 6E 43 31 45 52 4B 53 mExceptionC1ERKS\n73 69 00 5F 5F 63 78 61 5F 62 65 67 69 6E 5F 63 si.__cxa_begin_c\n61 74 63 68 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*38 42 75 atch._ZN4*begin_highlight*Poco*end_highlight*8Bu\n67 63 68 65 63 6B 31 30 75 6E 65 78 70 65 63 74 gcheck10unexpect\n65 65 5F 65 78 63 65 70 74 69 6F 6E 00 5F 5A 54 ee_exception._ZT\n49 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 IN4*begin_highlight*Poco*end_highlight*15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 50 6F xceptionE._ZN4Po\n49 4E 34 50 6F 63 6F 31 35 53 79 73 74 65 6D 45 IN4Poco15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* xceptionE._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 65 70 74 *begin_highlight*co*end_highlight*15SystemExcept\n4E 32 44 4C 31 34 47 65 74 4D 61 70 54 65 6D 70 N2DL14GetMapTemp\n50 61 74 68 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 PathEv._ZN4*begin_highlight*Poco*end_highlight*1\n33 54 65 6D 70 6F 72 61 72 79 46 69 6C 65 43 31 3TemporaryFileC1\n61 6C 65 44 31 45 76 00 5F 5A 4E 53 74 38 69 6F aleD1Ev._ZNSt8io\n73 5F 62 61 73 65 44 32 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* s_baseD2Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*31 33 54 65 6D 70 6F 72 61 72 79 46 69 *begin_highlight*oco*end_highlight*13TemporaryFi\n4E 53 31 5F 31 30 73 68 61 72 65 64 5F 70 74 72 NS1_10shared_ptr\n49 63 45 45 6A 45 45 45 00 5F 5A 4E 34 *begin_highlight*50 6F 63*end_highlight* IcEEjEEE._ZN4*begin_highlight*Poc*end_highlight*\n*begin_highlight*6F *end_highlight*31 37 4E 6F 74 69 66 69 63 61 74 69 6F 6E 51 *begin_highlight*o*end_highlight*17NotificationQ\n53 65 61 72 63 68 52 6F 75 74 65 36 67 65 74 55 SearchRoute6getU\n72 6C 45 52 53 73 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*35 rlERSs._ZN4*begin_highlight*Poco*end_highlight*5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 50 6F MutexC1Ev._ZN4Po\n72 6C 45 52 53 73 00 5F 5A 4E 34 50 6F 63 6F 35 rlERSs._ZN4Poco5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* MutexC1Ev._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*35 4D 75 74 65 78 44 31 45 76 00 5F 5A 54 *begin_highlight*co*end_highlight*5MutexD1Ev._ZT\n69 63 61 74 69 6F 6E 42 61 73 65 44 32 45 76 00 icationBaseD2Ev.\n5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 32 4E 6F 74 69 66 69 _ZN4*begin_highlight*Poco*end_highlight*12Notifi\n63 61 74 69 6F 6E 44 32 45 76 00 5F 5A 54 56 32 cationD2Ev._ZTV2\n\n...","notification_source_country":null,"notification_source_key":null,"notification_tags":["13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","drovorub_malware","drovorub_library_and_unique_strings"],"rule_name":"drovorub_library_and_unique_strings","rule_tags":[],"ruleset_id":"6083246976172032","ruleset_name":"Drovorub malware"},"id":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","links":{"self":"https://www.virustotal.com/api/v3/files/13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28"},"type":"file"} +{"attributes":{"androguard":{"AndroguardVersion":"3.0-dev","AndroidApplication":7,"AndroidApplicationError":false,"AndroidApplicationInfo":"ELF","VTAndroidInfo":1.41},"capabilities_tags":["ldpreload"],"crowdsourced_yara_results":[{"description":"Rule to detect Drovorub-server, Drovorub-agent, and Drovorub-client","rule_name":"APT_APT28_drovorub_library_and_unique_strings","ruleset_id":"00003e5371","ruleset_name":"apt_apt28_drovorub","source":"https://github.com/Neo23x0/signature-base"}],"downloadable":true,"elf_info":{"export_list":[{"name":"__aeabi_unwind_cpp_pr1","type":"FUNC"},{"name":"__aeabi_unwind_cpp_pr0","type":"FUNC"},{"name":"JNI_GL_Reset","type":"FUNC"},{"name":"CT_CtrGLResourceClear","type":"FUNC"},{"name":"_ZN7_JNIEnv9NewObjectEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv16CallObjectMethodEP8_jobjectP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv22CallStaticObjectMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_ZN7_JNIEnv20CallStaticVoidMethodEP7_jclassP10_jmethodIDz","type":"FUNC"},{"name":"_Z21registerNativeMethodsP7_JNIEnvPKcPK15JNINativeMethodi","type":"FUNC"},{"name":"JNI_OnLoad","type":"FUNC"},{"name":"gJavaVM","type":"OBJECT"},{"name":"UI_DrawMagName","type":"FUNC"},{"name":"_Z19JNI_stdTime_tToDateP7_JNIEnvl","type":"FUNC"},{"name":"_Z31JNI_dataDownloadStatusCppToJavaP7_JNIEnvPv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus6getUrlEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus22getConnectionStartTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus20getConnectionEndTimeEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus13getHttpStatusEv","type":"FUNC"},{"name":"_ZN18DataDownloadStatus16getContentLengthEv","type":"FUNC"},{"name":"SendMessageToJavaUI","type":"FUNC"},{"name":"ConvUtf8ToSjis","type":"FUNC"},{"name":"ShiftJisToUtf8","type":"FUNC"},{"name":"_Z19Lib_JISStrToUTF8StrPcS_ii","type":"FUNC"},{"name":"JNI_Java_GetTrafficInformation","type":"FUNC"},{"name":"JNI_Java_CopyTrafficInformation","type":"FUNC"},{"name":"JNI_Java_GetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetTrafficErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetConnectionErrorFlag","type":"FUNC"},{"name":"JNI_Java_SetGetPWDataFlag","type":"FUNC"},{"name":"JNI_Java_tmcPlg_updateCallback","type":"FUNC"},{"name":"JNI_NE_POI_Facility_SearchRefine","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefuctureRecListCount","type":"FUNC"},{"name":"JNI_NE_POI_Facility_GetPrefectureRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_Cancel","type":"FUNC"},{"name":"JNI_NE_POIArnd_SetDistance","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNarrowingList_ShortCut","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecCount","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetNextTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchNextList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetPrevTreeIndex","type":"FUNC"},{"name":"JNI_NE_POIArnd_SearchPrevList","type":"FUNC"},{"name":"JNI_NE_POIArnd_GetRecList","type":"FUNC"},{"name":"JNI_NE_POIArnd_CancelQuery","type":"FUNC"},{"name":"JNI_NE_GetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_SetMapHeadingup","type":"FUNC"},{"name":"JNI_NE_GetMapCenter","type":"FUNC"},{"name":"JNI_LIB_dtmConvByDegree","type":"FUNC"},{"name":"JNI_NE_GetMapLevel","type":"FUNC"},{"name":"JNI_NE_GetMapLevelScale","type":"FUNC"},{"name":"JNI_CT_GetMapPosition","type":"FUNC"},{"name":"JNI_CT_GetReqMapPosition","type":"FUNC"},{"name":"JNI_NE_CalcAppLevelScale","type":"FUNC"},{"name":"JNI_NE_CalcScale","type":"FUNC"},{"name":"JNI_NE_ExposeMap","type":"FUNC"},{"name":"JNI_NE_GetAddressString","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRect","type":"FUNC"},{"name":"JNI_NE_GetPointContainItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRect","type":"FUNC"},{"name":"JNI_NE_GetDriveContentItemInRectByCoordinate","type":"FUNC"},{"name":"JNI_NE_GetAddressCode","type":"FUNC"},{"name":"JNI_NE_GetAreaCode","type":"FUNC"},{"name":"JNI_NE_GetMyPosi","type":"FUNC"},{"name":"JNI_NE_AjustMyPosi","type":"FUNC"},{"name":"JNI_NE_GetNaviMode","type":"FUNC"},{"name":"JNI_NE_SetNaviMode","type":"FUNC"},{"name":"JNI_NE_ActivateControl","type":"FUNC"},{"name":"JNI_CT_UIC_RouteFailerProc","type":"FUNC"},{"name":"JNI_ct_uic_UserScroll","type":"FUNC"}],"header":{"abi_version":0,"class":"ELF32","data":"2's complement, little endian","entrypoint":0,"hdr_version":"1 (current)","machine":"ARM","num_prog_headers":7,"num_section_headers":23,"obj_version":"0x1","os_abi":"UNIX - System V","type":"DYN (Shared object file)"},"import_list":[{"name":"__cxa_finalize","type":"FUNC"},{"name":"__cxa_atexit","type":"FUNC"},{"name":"pthread_mutex_destroy","type":"FUNC"},{"name":"pthread_mutexattr_init","type":"FUNC"},{"name":"pthread_mutexattr_settype","type":"FUNC"},{"name":"pthread_mutex_init","type":"FUNC"},{"name":"pthread_mutexattr_destroy","type":"FUNC"},{"name":"__android_log_print","type":"FUNC"},{"name":"pthread_mutex_lock","type":"FUNC"},{"name":"pthread_mutex_unlock","type":"FUNC"},{"name":"__gxx_personality_v0","type":"FUNC"},{"name":"_ZNSsD1Ev","type":"FUNC"},{"name":"__cxa_end_cleanup","type":"FUNC"},{"name":"_Znaj","type":"FUNC"},{"name":"memcpy","type":"FUNC"},{"name":"strcpy","type":"FUNC"},{"name":"_ZNSt8ios_base4InitC1Ev","type":"FUNC"},{"name":"__aeabi_atexit","type":"FUNC"},{"name":"_ZNSt8ios_base4InitD1Ev","type":"FUNC"},{"name":"strlen","type":"FUNC"},{"name":"__stack_chk_fail","type":"FUNC"},{"name":"__stack_chk_guard","type":"OBJECT"},{"name":"_ZdaPv","type":"FUNC"},{"name":"memset","type":"FUNC"},{"name":"malloc","type":"FUNC"},{"name":"free","type":"FUNC"},{"name":"sprintf","type":"FUNC"},{"name":"_Znwj","type":"FUNC"},{"name":"_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base","type":"FUNC"},{"name":"_ZdlPv","type":"FUNC"},{"name":"_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base9_M_unhookEv","type":"FUNC"},{"name":"_ZNSt8__detail15_List_node_base7_M_hookEPS0_","type":"FUNC"},{"name":"_ZNSs4_Rep20_S_empty_rep_storageE","type":"OBJECT"},{"name":"_ZNSsC1EPKcRKSaIcE","type":"FUNC"},{"name":"_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_guard_acquire","type":"FUNC"},{"name":"__cxa_guard_release","type":"FUNC"},{"name":"__cxa_guard_abort","type":"FUNC"},{"name":"_ZSt18_Rb_tree_decrementPKSt18_Rb_tree_node_base","type":"FUNC"},{"name":"__cxa_pure_virtual","type":"FUNC"},{"name":"_ZTVN10__cxxabiv117__class_type_infoE","type":"OBJECT"},{"name":"_ZTVN10__cxxabiv120__si_class_type_infoE","type":"OBJECT"},{"name":"sin","type":"FUNC"},{"name":"cos","type":"FUNC"},{"name":"atan2","type":"FUNC"},{"name":"sqrt","type":"FUNC"},{"name":"acos","type":"FUNC"},{"name":"strncpy","type":"FUNC"},{"name":"unlink","type":"FUNC"},{"name":"mkdir","type":"FUNC"},{"name":"rmdir","type":"FUNC"},{"name":"memmove","type":"FUNC"},{"name":"sleep","type":"FUNC"},{"name":"pthread_cond_wait","type":"FUNC"},{"name":"usleep","type":"FUNC"},{"name":"strcat","type":"FUNC"},{"name":"strcmp","type":"FUNC"},{"name":"open","type":"FUNC"},{"name":"write","type":"FUNC"},{"name":"close","type":"FUNC"},{"name":"read","type":"FUNC"},{"name":"fstat","type":"FUNC"},{"name":"rename","type":"FUNC"},{"name":"time","type":"FUNC"},{"name":"localtime","type":"FUNC"},{"name":"strftime","type":"FUNC"},{"name":"pthread_cond_init","type":"FUNC"},{"name":"pthread_create","type":"FUNC"}],"section_list":[{"flags":"","name":"","phisical_offset":0,"section_type":"NULL","size":0,"virtual_address":0},{"flags":"A","name":".dynsym","phisical_offset":276,"section_type":"DYNSYM","size":478736,"virtual_address":276},{"flags":"A","name":".dynstr","phisical_offset":479012,"section_type":"STRTAB","size":1253870,"virtual_address":479012},{"flags":"A","name":".hash","phisical_offset":1732884,"section_type":"HASH","size":185336,"virtual_address":1732884},{"flags":"A","name":".rel.dyn","phisical_offset":1918220,"section_type":"REL","size":206304,"virtual_address":1918220},{"flags":"A","name":".rel.plt","phisical_offset":2124524,"section_type":"REL","size":4168,"virtual_address":2124524},{"flags":"AX","name":".plt","phisical_offset":2128692,"section_type":"PROGBITS","size":6272,"virtual_address":2128692},{"flags":"AX","name":".text","phisical_offset":2134976,"section_type":"PROGBITS","size":6684192,"virtual_address":2134976},{"flags":"A","name":".ARM.extab","phisical_offset":8819168,"section_type":"PROGBITS","size":258404,"virtual_address":8819168},{"flags":"AL","name":".ARM.exidx","phisical_offset":9077572,"section_type":"ARM_EXIDX","size":160840,"virtual_address":9077572},{"flags":"A","name":".rodata","phisical_offset":9238416,"section_type":"PROGBITS","size":649828,"virtual_address":9238416},{"flags":"WA","name":".data.rel.ro.local","phisical_offset":9889968,"section_type":"PROGBITS","size":44884,"virtual_address":9894064},{"flags":"WA","name":".fini_array","phisical_offset":9934852,"section_type":"FINI_ARRAY","size":8,"virtual_address":9938948},{"flags":"WA","name":".init_array","phisical_offset":9934860,"section_type":"INIT_ARRAY","size":788,"virtual_address":9938956},{"flags":"WA","name":".data.rel.ro","phisical_offset":9935648,"section_type":"PROGBITS","size":68816,"virtual_address":9939744},{"flags":"WA","name":".dynamic","phisical_offset":10004464,"section_type":"DYNAMIC","size":296,"virtual_address":10008560},{"flags":"WA","name":".got","phisical_offset":10004760,"section_type":"PROGBITS","size":14056,"virtual_address":10008856},{"flags":"WA","name":".data","phisical_offset":10018816,"section_type":"PROGBITS","size":120300,"virtual_address":10022912},{"flags":"WA","name":".bss","phisical_offset":10139116,"section_type":"NOBITS","size":1149410,"virtual_address":10143216},{"flags":"MS","name":".comment","phisical_offset":10139116,"section_type":"PROGBITS","size":38,"virtual_address":0},{"flags":"","name":".note.gnu.gold-version","phisical_offset":10139156,"section_type":"NOTE","size":28,"virtual_address":0},{"flags":"","name":".ARM.attributes","phisical_offset":10139184,"section_type":"ARM_ATTRIBUTES","size":52,"virtual_address":0},{"flags":"","name":".shstrtab","phisical_offset":10139236,"section_type":"STRTAB","size":216,"virtual_address":0}],"segment_list":[{"resources":[],"segment_type":"PHDR"},{"resources":[".dynsym",".dynstr",".hash",".rel.dyn",".rel.plt",".plt",".text",".ARM.extab",".ARM.exidx",".rodata"],"segment_type":"LOAD"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got",".data",".bss"],"segment_type":"LOAD"},{"resources":[".dynamic"],"segment_type":"DYNAMIC"},{"resources":[],"segment_type":"GNU_STACK"},{"resources":[".ARM.exidx"],"segment_type":"ARM_EXIDX"},{"resources":[".data.rel.ro.local",".fini_array",".init_array",".data.rel.ro",".dynamic",".got"],"segment_type":"GNU_RELRO"}],"shared_libraries":["libgnustl_shared.so","libdl.so","liblog.so","libz.so","libGLESv2.so","libGLESv1_CM.so","libjnigraphics.so","libstdc++.so","libm.so","libc.so"]},"exiftool":{"CPUArchitecture":"32 bit","CPUByteOrder":"Little endian","CPUType":"Unknown (40)","FileType":"ELF shared library","FileTypeExtension":"so","MIMEType":"application/octet-stream","ObjectFileType":"Shared object file"},"first_submission_date":1590716559,"last_analysis_date":1601723226,"last_analysis_results":{"ALYac":{"category":"undetected","engine_name":"ALYac","engine_update":"20201003","engine_version":"1.1.1.5","method":"blacklist","result":null},"APEX":{"category":"type-unsupported","engine_name":"APEX","engine_update":"20201001","engine_version":"6.76","method":"blacklist","result":null},"AVG":{"category":"undetected","engine_name":"AVG","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Acronis":{"category":"type-unsupported","engine_name":"Acronis","engine_update":"20200917","engine_version":"1.1.1.78","method":"blacklist","result":null},"Ad-Aware":{"category":"undetected","engine_name":"Ad-Aware","engine_update":"20201003","engine_version":"3.0.16.117","method":"blacklist","result":null},"AegisLab":{"category":"undetected","engine_name":"AegisLab","engine_update":"20201003","engine_version":"4.2","method":"blacklist","result":null},"AhnLab-V3":{"category":"undetected","engine_name":"AhnLab-V3","engine_update":"20201003","engine_version":"3.18.2.10046","method":"blacklist","result":null},"Alibaba":{"category":"type-unsupported","engine_name":"Alibaba","engine_update":"20190527","engine_version":"0.3.0.5","method":"blacklist","result":null},"Antiy-AVL":{"category":"undetected","engine_name":"Antiy-AVL","engine_update":"20201003","engine_version":"3.0.0.1","method":"blacklist","result":null},"Arcabit":{"category":"undetected","engine_name":"Arcabit","engine_update":"20201003","engine_version":"1.0.0.881","method":"blacklist","result":null},"Avast":{"category":"undetected","engine_name":"Avast","engine_update":"20201003","engine_version":"18.4.3895.0","method":"blacklist","result":null},"Avast-Mobile":{"category":"undetected","engine_name":"Avast-Mobile","engine_update":"20201003","engine_version":"201003-00","method":"blacklist","result":null},"Avira":{"category":"undetected","engine_name":"Avira","engine_update":"20201003","engine_version":"8.3.3.8","method":"blacklist","result":null},"Baidu":{"category":"undetected","engine_name":"Baidu","engine_update":"20190318","engine_version":"1.0.0.2","method":"blacklist","result":null},"BitDefender":{"category":"undetected","engine_name":"BitDefender","engine_update":"20201003","engine_version":"7.2","method":"blacklist","result":null},"BitDefenderTheta":{"category":"undetected","engine_name":"BitDefenderTheta","engine_update":"20200930","engine_version":"7.2.37796.0","method":"blacklist","result":null},"Bkav":{"category":"undetected","engine_name":"Bkav","engine_update":"20201003","engine_version":"1.3.0.9899","method":"blacklist","result":null},"CAT-QuickHeal":{"category":"undetected","engine_name":"CAT-QuickHeal","engine_update":"20201003","engine_version":"14.00","method":"blacklist","result":null},"CMC":{"category":"undetected","engine_name":"CMC","engine_update":"20201003","engine_version":"2.7.2019.1","method":"blacklist","result":null},"ClamAV":{"category":"undetected","engine_name":"ClamAV","engine_update":"20201002","engine_version":"0.102.3.0","method":"blacklist","result":null},"Comodo":{"category":"undetected","engine_name":"Comodo","engine_update":"20201003","engine_version":"32863","method":"blacklist","result":null},"CrowdStrike":{"category":"type-unsupported","engine_name":"CrowdStrike","engine_update":"20190702","engine_version":"1.0","method":"blacklist","result":null},"Cybereason":{"category":"type-unsupported","engine_name":"Cybereason","engine_update":"20190616","engine_version":"1.2.449","method":"blacklist","result":null},"Cylance":{"category":"type-unsupported","engine_name":"Cylance","engine_update":"20201003","engine_version":"2.3.1.101","method":"blacklist","result":null},"Cynet":{"category":"undetected","engine_name":"Cynet","engine_update":"20201003","engine_version":"4.0.0.24","method":"blacklist","result":null},"Cyren":{"category":"undetected","engine_name":"Cyren","engine_update":"20201003","engine_version":"6.3.0.2","method":"blacklist","result":null},"DrWeb":{"category":"undetected","engine_name":"DrWeb","engine_update":"20201003","engine_version":"7.0.49.9080","method":"blacklist","result":null},"ESET-NOD32":{"category":"undetected","engine_name":"ESET-NOD32","engine_update":"20201003","engine_version":"22091","method":"blacklist","result":null},"Elastic":{"category":"type-unsupported","engine_name":"Elastic","engine_update":"20200917","engine_version":"4.0.9","method":"blacklist","result":null},"Emsisoft":{"category":"undetected","engine_name":"Emsisoft","engine_update":"20201003","engine_version":"2018.12.0.1641","method":"blacklist","result":null},"F-Secure":{"category":"undetected","engine_name":"F-Secure","engine_update":"20201003","engine_version":"12.0.86.52","method":"blacklist","result":null},"FireEye":{"category":"timeout","engine_name":"FireEye","engine_update":"20201003","engine_version":"32.36.1.0","method":"blacklist","result":null},"Fortinet":{"category":"undetected","engine_name":"Fortinet","engine_update":"20201003","engine_version":"6.2.142.0","method":"blacklist","result":null},"GData":{"category":"undetected","engine_name":"GData","engine_update":"20201003","engine_version":"A:25.27210B:27.20386","method":"blacklist","result":null},"Ikarus":{"category":"undetected","engine_name":"Ikarus","engine_update":"20201003","engine_version":"0.1.5.2","method":"blacklist","result":null},"Invincea":{"category":"undetected","engine_name":"Invincea","engine_update":"20201003","engine_version":"1.0.1.0","method":"blacklist","result":null},"Jiangmin":{"category":"undetected","engine_name":"Jiangmin","engine_update":"20201003","engine_version":"16.0.100","method":"blacklist","result":null},"K7AntiVirus":{"category":"undetected","engine_name":"K7AntiVirus","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"K7GW":{"category":"undetected","engine_name":"K7GW","engine_update":"20201003","engine_version":"11.142.35351","method":"blacklist","result":null},"Kaspersky":{"category":"undetected","engine_name":"Kaspersky","engine_update":"20201003","engine_version":"15.0.1.13","method":"blacklist","result":null},"Kingsoft":{"category":"undetected","engine_name":"Kingsoft","engine_update":"20201003","engine_version":"2013.8.14.323","method":"blacklist","result":null},"MAX":{"category":"undetected","engine_name":"MAX","engine_update":"20201003","engine_version":"2019.9.16.1","method":"blacklist","result":null},"Malwarebytes":{"category":"undetected","engine_name":"Malwarebytes","engine_update":"20201003","engine_version":"3.6.4.335","method":"blacklist","result":null},"MaxSecure":{"category":"undetected","engine_name":"MaxSecure","engine_update":"20201001","engine_version":"1.0.0.1","method":"blacklist","result":null},"McAfee":{"category":"undetected","engine_name":"McAfee","engine_update":"20201003","engine_version":"6.0.6.653","method":"blacklist","result":null},"McAfee-GW-Edition":{"category":"undetected","engine_name":"McAfee-GW-Edition","engine_update":"20201003","engine_version":"v2019.1.2+3728","method":"blacklist","result":null},"MicroWorld-eScan":{"category":"undetected","engine_name":"MicroWorld-eScan","engine_update":"20201003","engine_version":"14.0.409.0","method":"blacklist","result":null},"Microsoft":{"category":"undetected","engine_name":"Microsoft","engine_update":"20201003","engine_version":"1.1.17500.4","method":"blacklist","result":null},"NANO-Antivirus":{"category":"undetected","engine_name":"NANO-Antivirus","engine_update":"20201003","engine_version":"1.0.134.25169","method":"blacklist","result":null},"Paloalto":{"category":"type-unsupported","engine_name":"Paloalto","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Panda":{"category":"undetected","engine_name":"Panda","engine_update":"20201003","engine_version":"4.6.4.2","method":"blacklist","result":null},"Qihoo-360":{"category":"undetected","engine_name":"Qihoo-360","engine_update":"20201003","engine_version":"1.0.0.1120","method":"blacklist","result":null},"Rising":{"category":"undetected","engine_name":"Rising","engine_update":"20201003","engine_version":"25.0.0.26","method":"blacklist","result":null},"SUPERAntiSpyware":{"category":"undetected","engine_name":"SUPERAntiSpyware","engine_update":"20201002","engine_version":"5.6.0.1032","method":"blacklist","result":null},"Sangfor":{"category":"undetected","engine_name":"Sangfor","engine_update":"20200814","engine_version":"1.0","method":"blacklist","result":null},"SentinelOne":{"category":"type-unsupported","engine_name":"SentinelOne","engine_update":"20200724","engine_version":"4.4.0.0","method":"blacklist","result":null},"Sophos":{"category":"undetected","engine_name":"Sophos","engine_update":"20201003","engine_version":"4.98.0","method":"blacklist","result":null},"Symantec":{"category":"undetected","engine_name":"Symantec","engine_update":"20201002","engine_version":"1.12.0.0","method":"blacklist","result":null},"SymantecMobileInsight":{"category":"type-unsupported","engine_name":"SymantecMobileInsight","engine_update":"20200813","engine_version":"2.0","method":"blacklist","result":null},"TACHYON":{"category":"undetected","engine_name":"TACHYON","engine_update":"20201003","engine_version":"2020-10-03.02","method":"blacklist","result":null},"TotalDefense":{"category":"timeout","engine_name":"TotalDefense","engine_update":"20201003","engine_version":"37.1.62.1","method":"blacklist","result":null},"Trapmine":{"category":"type-unsupported","engine_name":"Trapmine","engine_update":"20200727","engine_version":"3.5.0.1023","method":"blacklist","result":null},"TrendMicro":{"category":"undetected","engine_name":"TrendMicro","engine_update":"20201003","engine_version":"11.0.0.1006","method":"blacklist","result":null},"TrendMicro-HouseCall":{"category":"undetected","engine_name":"TrendMicro-HouseCall","engine_update":"20201003","engine_version":"10.0.0.1040","method":"blacklist","result":null},"Trustlook":{"category":"type-unsupported","engine_name":"Trustlook","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"VBA32":{"category":"undetected","engine_name":"VBA32","engine_update":"20201002","engine_version":"4.4.1","method":"blacklist","result":null},"VIPRE":{"category":"undetected","engine_name":"VIPRE","engine_update":"20201003","engine_version":"87150","method":"blacklist","result":null},"ViRobot":{"category":"undetected","engine_name":"ViRobot","engine_update":"20201002","engine_version":"2014.3.20.0","method":"blacklist","result":null},"Webroot":{"category":"type-unsupported","engine_name":"Webroot","engine_update":"20201003","engine_version":"1.0.0.403","method":"blacklist","result":null},"Yandex":{"category":"undetected","engine_name":"Yandex","engine_update":"20201001","engine_version":"5.5.2.24","method":"blacklist","result":null},"Zillya":{"category":"undetected","engine_name":"Zillya","engine_update":"20201002","engine_version":"2.0.0.4190","method":"blacklist","result":null},"ZoneAlarm":{"category":"undetected","engine_name":"ZoneAlarm","engine_update":"20201003","engine_version":"1.0","method":"blacklist","result":null},"Zoner":{"category":"undetected","engine_name":"Zoner","engine_update":"20200920","engine_version":"0.0.0.0","method":"blacklist","result":null},"eGambit":{"category":"type-unsupported","engine_name":"eGambit","engine_update":"20201003","engine_version":null,"method":"blacklist","result":null}},"last_analysis_stats":{"confirmed-timeout":0,"failure":0,"harmless":0,"malicious":0,"suspicious":0,"timeout":2,"type-unsupported":14,"undetected":58},"last_modification_date":1601723329,"last_submission_date":1590716559,"magic":"ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped","md5":"43d2850e1b83864b0d8c39dab5c4277e","meaningful_name":"libNavi.so","names":["libNavi.so"],"reputation":0,"sha1":"56c36bfd4bbb1e3084e8e87657f02dbc4ba87755","sha256":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","size":10140372,"ssdeep":"98304:r9c75xJTNuqswu802WPrPDFVYea4cidBpIsPRebD3eKcgogK:r675vNuqswu8CrbYexdLIJ3Q1","tags":["elf","shared-lib"],"telfhash":"t15344fbba383d4c17dcf31b657dfb2b0d025a74967b75dd919eb0c2a8161088e317a88e","times_submitted":17,"total_votes":{"harmless":0,"malicious":0},"trid":[{"file_type":"ELF Executable and Linkable format (generic)","probability":100}],"type_description":"ELF","type_tag":"elf","unique_sources":1,"vhash":"7e87ba19547734eb641bada795c98bda"},"context_attributes":{"match_in_subfile":false,"notification_date":1601726977,"notification_id":"1595660901067233-6083246976172032-eabf547c7efe828737dd26b5544b1421","notification_snippet":"54 55 53 45 52 4E 53 5F 36 64 6C 49 6E 66 6F 45 TUSERNS_6dlInfoE\n00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 ._ZN4*begin_highlight*Poco*end_highlight*15Syste\n6D 45 78 63 65 70 74 69 6F 6E 43 31 45 52 4B 53 mExceptionC1ERKS\n73 69 00 5F 5F 63 78 61 5F 62 65 67 69 6E 5F 63 si.__cxa_begin_c\n61 74 63 68 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*38 42 75 atch._ZN4*begin_highlight*Poco*end_highlight*8Bu\n67 63 68 65 63 6B 31 30 75 6E 65 78 70 65 63 74 gcheck10unexpect\n65 65 5F 65 78 63 65 70 74 69 6F 6E 00 5F 5A 54 ee_exception._ZT\n49 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 IN4*begin_highlight*Poco*end_highlight*15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 50 6F xceptionE._ZN4Po\n49 4E 34 50 6F 63 6F 31 35 53 79 73 74 65 6D 45 IN4Poco15SystemE\n78 63 65 70 74 69 6F 6E 45 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* xceptionE._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*31 35 53 79 73 74 65 6D 45 78 63 65 70 74 *begin_highlight*co*end_highlight*15SystemExcept\n4E 32 44 4C 31 34 47 65 74 4D 61 70 54 65 6D 70 N2DL14GetMapTemp\n50 61 74 68 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 PathEv._ZN4*begin_highlight*Poco*end_highlight*1\n33 54 65 6D 70 6F 72 61 72 79 46 69 6C 65 43 31 3TemporaryFileC1\n61 6C 65 44 31 45 76 00 5F 5A 4E 53 74 38 69 6F aleD1Ev._ZNSt8io\n73 5F 62 61 73 65 44 32 45 76 00 5F 5A 4E 34 *begin_highlight*50*end_highlight* s_baseD2Ev._ZN4*begin_highlight*P*end_highlight*\n*begin_highlight*6F 63 6F *end_highlight*31 33 54 65 6D 70 6F 72 61 72 79 46 69 *begin_highlight*oco*end_highlight*13TemporaryFi\n4E 53 31 5F 31 30 73 68 61 72 65 64 5F 70 74 72 NS1_10shared_ptr\n49 63 45 45 6A 45 45 45 00 5F 5A 4E 34 *begin_highlight*50 6F 63*end_highlight* IcEEjEEE._ZN4*begin_highlight*Poc*end_highlight*\n*begin_highlight*6F *end_highlight*31 37 4E 6F 74 69 66 69 63 61 74 69 6F 6E 51 *begin_highlight*o*end_highlight*17NotificationQ\n53 65 61 72 63 68 52 6F 75 74 65 36 67 65 74 55 SearchRoute6getU\n72 6C 45 52 53 73 00 5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*35 rlERSs._ZN4*begin_highlight*Poco*end_highlight*5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 50 6F MutexC1Ev._ZN4Po\n72 6C 45 52 53 73 00 5F 5A 4E 34 50 6F 63 6F 35 rlERSs._ZN4Poco5\n4D 75 74 65 78 43 31 45 76 00 5F 5A 4E 34 *begin_highlight*50 6F*end_highlight* MutexC1Ev._ZN4*begin_highlight*Po*end_highlight*\n*begin_highlight*63 6F *end_highlight*35 4D 75 74 65 78 44 31 45 76 00 5F 5A 54 *begin_highlight*co*end_highlight*5MutexD1Ev._ZT\n69 63 61 74 69 6F 6E 42 61 73 65 44 32 45 76 00 icationBaseD2Ev.\n5F 5A 4E 34 *begin_highlight*50 6F 63 6F *end_highlight*31 32 4E 6F 74 69 66 69 _ZN4*begin_highlight*Poco*end_highlight*12Notifi\n63 61 74 69 6F 6E 44 32 45 76 00 5F 5A 54 56 32 cationD2Ev._ZTV2\n\n...","notification_source_country":null,"notification_source_key":null,"notification_tags":["13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","drovorub_malware","drovorub_library_and_unique_strings"],"rule_name":"drovorub_library_and_unique_strings","rule_tags":[],"ruleset_id":"6083246976172032","ruleset_name":"Drovorub malware"},"id":"13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28","links":{"self":"https://www.virustotal.com/api/v3/files/13f68c8a29e71dff9d6ff2b48541db1a3b5556f6394828043e0ca00829485b28"},"type":"file"}