virustotal_api 0.5.0 → 0.5.5

@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'base'
4
+
5
+ module VirustotalAPI
6
+ # A class for '/groups' API
7
+ class Group < Base
8
+ # Find a Group.
9
+ #
10
+ # @param [String] group_id to find
11
+ # @param [String] api_key The key for virustotal
12
+ # @return [VirustotalAPI::User] Report
13
+ def self.find(group_id, api_key)
14
+ report = perform("/groups/#{group_id}", api_key)
15
+ new(report)
16
+ end
17
+ end
18
+ end
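Review bot: The YARD return type on the new `find` is wrong: `# @return [VirustotalAPI::User] Report` should read `# @return [VirustotalAPI::Group] Report`, since the method returns `new(report)` on Group. Separately, the caller-supplied `group_id` is interpolated straight into the request path in `perform("/groups/#{group_id}", api_key)`; unless `perform` in Base (not shown here) escapes the path, an id containing `/`, `?` or `#` would change which endpoint is requested, so if ids can originate outside the program it is worth passing `ERB::Util.url_encode(group_id)` or rejecting ids that fail a strict format check before the call. The same unescaped interpolation appears in the `/users` class added later in this diff.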
@@ -5,11 +5,6 @@ require_relative 'base'
5
5
  module VirustotalAPI
6
6
  # A class for '/ip_addresses' API
7
7
  class IP < Base
8
- # rubocop:disable Lint/UselessMethodDefinition
9
- def initialize(report)
10
- super(report)
11
- end
12
-
13
8
  # Find an IP.
14
9
  #
15
10
  # @param [String] ip address The IP to find.
@@ -21,4 +16,3 @@ module VirustotalAPI
21
16
  end
22
17
  end
23
18
  end
24
- # rubocop:enable Lint/UselessMethodDefinition
@@ -5,14 +5,6 @@ require_relative 'base'
5
5
  module VirustotalAPI
6
6
  # A class for '/urls' API
7
7
  class URL < Base
8
- attr_reader :report_url, :id
9
-
10
- def initialize(report)
11
- super(report)
12
- @report_url = report&.dig('data', 'links', 'self')
13
- @id = report&.dig('data', 'id')
14
- end
15
-
16
8
  # Find a URL.
17
9
  #
18
10
  # @param [String] resource as an ip/domain/url
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'base'
4
+
5
+ module VirustotalAPI
6
+ # A class for '/users' API
7
+ class User < Base
8
+ # Find a User.
9
+ #
10
+ # @param [String] user_key with id or api_key
11
+ # @param [String] api_key The key for virustotal
12
+ # @return [VirustotalAPI::User] Report
13
+ def self.find(user_key, api_key)
14
+ report = perform("/users/#{user_key}", api_key)
15
+ new(report)
16
+ end
17
+ end
18
+ end
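Review bot: The parameter doc `# @param [String] user_key with id or api_key` says this lookup also accepts an API key, which means a secret is embedded in the request path via `perform("/users/#{user_key}", api_key)`; URLs are routinely retained by HTTP logs, proxies and the VCR cassettes this test suite records, so that consequence deserves a line in the docs, e.g. `# @note passing the API key as user_key puts it in the request URL; prefer the user id where URLs may be logged`. The sentence itself also reads awkwardly; `# @param [String] user_key The user id or API key identifying the user` is clearer. As in the Group class, the interpolated value is not escaped, which matters if `user_key` can come from outside the program.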
@@ -2,5 +2,5 @@
2
2
 
3
3
  module VirustotalAPI
4
4
  # The GEM version
5
- VERSION = '0.5.0'
5
+ VERSION = '0.5.5'
6
6
  end
@@ -11,13 +11,16 @@ class VirustotalAPIAnalysisTest < Minitest::Test
11
11
  def test_todo
12
12
  VCR.use_cassette('url_find') do
13
13
  vtreport = VirustotalAPI::URL.find(@url, @api_key)
14
+
14
15
  @id = vtreport.id
15
- assert @id
16
+ assert @id.is_a?(String)
16
17
  end
17
18
 
18
19
  VCR.use_cassette('analysis') do
19
20
  analysis = VirustotalAPI::Analysis.find(@id, @api_key)
21
+
20
22
  assert analysis.exists?
23
+ assert analysis.id.is_a?(String)
21
24
  end
22
25
  end
23
26
  end
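Review bot: `assert @id.is_a?(String)` and the new `assert analysis.id.is_a?(String)` report only that a false value was seen when they fail; `assert_kind_of String, @id` and `assert_kind_of String, analysis.id` print the actual class and state the intent. The same `assert x.is_a?(...)` shape recurs in the domain_test.rb and file_test.rb sections below. The method name `test_todo` also no longer describes what the method checks; given it chains a URL lookup into an Analysis lookup, `def test_analysis_from_url` would. The enclosing test class begins outside the hunk.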
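--- a/data/test/base_test.rb
+++ b/data/test/base_test.rb
@@ -4,6 +4,7 @@ require './test/test_helper'
 
 class VirustotalAPIBaseTest < Minitest::Test
 def setup
+@domain = 'xpressco.za'
 @sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 @api_key = 'testapikey'
 end
@@ -36,4 +37,18 @@ class VirustotalAPIBaseTest < Minitest::Test
 assert virustotal_report.exists?
 end
 end
+
+def test_not_exists?
+VCR.use_cassette('file_not_found') do
+virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+
+assert !virustotal_report.exists?
+end
+
+VCR.use_cassette('domain_bad_request') do
+virustotal_report = VirustotalAPI::Domain.find(@domain, @api_key)
+
+assert !virustotal_report.exists?
+end
+end
 end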
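Review bot: The two negative assertions in the new `test_not_exists?` use `assert !virustotal_report.exists?`; Minitest's `refute virustotal_report.exists?` states the intent directly and produces a clearer failure message. The `?` suffix on a test method name is unusual: Minitest still runs it because the name starts with `test_`, but `def test_not_exists` reads better and matches the other tests in this file. The same `assert !...` shape recurs in file_test.rb's `detected_by` checks.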
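--- a/data/test/domain_test.rb
+++ b/data/test/domain_test.rb
@@ -17,16 +17,11 @@ class VirustotalAPIDomainTest < Minitest::Test
 vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
 
 # Make sure that the JSON was parsed
+assert vtdomain_report.exists?
 assert vtdomain_report.is_a?(VirustotalAPI::Domain)
 assert vtdomain_report.report.is_a?(Hash)
-end
-end
-
-def test_exists?
-VCR.use_cassette('domain') do
-vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
-
-assert vtdomain_report.exists?
+assert vtdomain_report.id.is_a?(String)
+assert vtdomain_report.report_url.is_a?(String)
 end
 end
 end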
@@ -20,4 +20,12 @@ class RateLimitErrorTest < Minitest::Test
20
20
  end
21
21
  end
22
22
  end
23
+
24
+ def test_rate_limit
25
+ VCR.use_cassette('file_rate_limit') do
26
+ assert_raises VirustotalAPI::RateLimitError do
27
+ VirustotalAPI::File.analyse(@sha256, @api_key)
28
+ end
29
+ end
30
+ end
23
31
  end
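--- a/data/test/file_test.rb
+++ b/data/test/file_test.rb
@@ -4,9 +4,9 @@ require './test/test_helper'
 
 class VirustotalAPIFileTest < Minitest::Test
 def setup
-@sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+@sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 @file_path = File.expand_path('test/fixtures/null_file')
-@api_key = 'testapikey'
+@api_key = 'testapikey'
 end
 
 def test_class_exists
@@ -15,54 +15,59 @@ class VirustotalAPIFileTest < Minitest::Test
 
 def test_report_response
 VCR.use_cassette('file_find') do
-virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+vt_file_report = VirustotalAPI::File.find(@sha256, @api_key)
 
 # Make sure that the JSON was parsed
-assert virustotal_report.is_a?(VirustotalAPI::File)
-assert virustotal_report.report.is_a?(Hash)
+assert vt_file_report.exists?
+assert vt_file_report.is_a?(VirustotalAPI::File)
+assert vt_file_report.report.is_a?(Hash)
+assert vt_file_report.id.is_a?(String)
+assert vt_file_report.report_url.is_a?(String)
 end
 end
 
 def test_find
-permalink = 'https://www.virustotal.com/api/v3/files/' \
-'01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+id = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+permalink = "https://www.virustotal.com/api/v3/files/#{id}"
+
 VCR.use_cassette('file_find') do
-virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+vt_file_report = VirustotalAPI::File.find(@sha256, @api_key)
 
-assert virustotal_report.report_url.is_a?(String)
-assert_equal permalink, virustotal_report.report_url
+assert_equal permalink, vt_file_report.report_url
+assert_equal id, vt_file_report.id
+assert vt_file_report.detected_by('Avira')
+assert !vt_file_report.detected_by('Acronis')
+assert !vt_file_report.detected_by('Yeyeyeye') # not present in file
 end
 end
 
 def test_upload
 VCR.use_cassette('file_upload') do
-virustotal_upload = VirustotalAPI::File.upload(@file_path, @api_key)
+vt_file_upload = VirustotalAPI::File.upload(@file_path, @api_key)
 
-assert virustotal_upload.report.is_a?(Hash)
+assert vt_file_upload.exists?
+assert vt_file_upload.report.is_a?(Hash)
+assert vt_file_upload.id.is_a?(String)
 end
 end
 
-def test_upload_id
-VCR.use_cassette('file_upload') do
-virustotal_upload = VirustotalAPI::File.upload(@file_path, @api_key)
+def test_upload_large
+VCR.use_cassette('large_file_upload') do
+vt_file_upload = VirustotalAPI::File.upload_large(@file_path, @api_key)
 
-assert virustotal_upload.id.is_a?(String)
+assert vt_file_upload.exists?
+assert vt_file_upload.report.is_a?(Hash)
+assert vt_file_upload.id.is_a?(String)
 end
 end
 
 def test_analyse
 VCR.use_cassette('file_analyse') do
-virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
-
-assert virustotal_analyse.report.is_a?(Hash)
-end
-end
-
-def test_analyse_id
-VCR.use_cassette('file_analyse') do
-virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
+vt_file_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
 
-assert virustotal_analyse.id.is_a?(String)
+assert vt_file_analyse.exists?
+assert vt_file_analyse.report.is_a?(Hash)
+assert vt_file_analyse.id.is_a?(String)
 end
 end
 end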
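Review bot: `test_find` re-declares the full sha256 literal as a local `id` even though `setup` already assigns the same value to `@sha256`, so the two copies can drift apart silently; `permalink = "https://www.virustotal.com/api/v3/files/#{@sha256}"` and `assert_equal @sha256, vt_file_report.id` keep a single source of truth. In the first hunk the `@sha256` and `@api_key` lines are replaced by visually identical lines, which suggests a whitespace-only change — worth confirming nothing else moved there. The `detected_by('Yeyeyeye')` check is a useful guard that an engine absent from the report is reported as not detected rather than raising; the trailing comment could say so, e.g. `# engine absent from the report must not raise`.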
@@ -0,0 +1,52 @@
1
+ ---
2
+ http_interactions:
3
+ - request:
4
+ method: get
5
+ uri: https://www.virustotal.com/api/v3/domains/xpressco.za
6
+ body:
7
+ encoding: US-ASCII
8
+ string: ''
9
+ headers:
10
+ Accept:
11
+ - "*/*"
12
+ User-Agent:
13
+ - rest-client/2.1.0 (linux-gnu x86_64) ruby/2.5.1p57
14
+ X-Apikey:
15
+ - testapikey
16
+ Content-Length:
17
+ - '0'
18
+ Content-Type:
19
+ - application/x-www-form-urlencoded
20
+ Accept-Encoding:
21
+ - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
22
+ Host:
23
+ - www.virustotal.com
24
+ response:
25
+ status:
26
+ code: 400
27
+ message: Bad Request
28
+ headers:
29
+ Cache-Control:
30
+ - no-cache
31
+ Content-Type:
32
+ - application/json; charset=utf-8
33
+ X-Cloud-Trace-Context:
34
+ - f9f5f005efc95b0390a91fb6306201d6
35
+ Date:
36
+ - Mon, 28 Dec 2020 13:56:50 GMT
37
+ Server:
38
+ - Google Frontend
39
+ Content-Length:
40
+ - '138'
41
+ body:
42
+ encoding: UTF-8
43
+ string: |-
44
+ {
45
+ "error": {
46
+ "code": "InvalidArgumentError",
47
+ "message": "Domain \"xpressco.za\" is not a valid domain pattern"
48
+ }
49
+ }
50
+ http_version:
51
+ recorded_at: Mon, 28 Dec 2020 13:56:50 GMT
52
+ recorded_with: VCR 5.0.0
@@ -31,529 +31,166 @@ http_interactions:
31
31
  Content-Type:
32
32
  - application/json; charset=utf-8
33
33
  X-Cloud-Trace-Context:
34
- - 03407b05cfb2624364180a01ed7921cd
34
+ - 3dcde25d6fa7896edd5d4044bbc2682f
35
35
  Date:
36
- - Wed, 02 Sep 2020 14:02:33 GMT
36
+ - Tue, 29 Sep 2020 10:22:19 GMT
37
37
  Server:
38
38
  - Google Frontend
39
39
  Content-Length:
40
- - '45861'
40
+ - '33479'
41
41
  body:
42
42
  encoding: UTF-8
43
43
  string: |-
44
44
  {
45
45
  "data": {
46
46
  "attributes": {
47
- "autostart_locations": [
48
- {
49
- "entry": "",
50
- "location": "mock"
51
- },
52
- {
53
- "entry": "launchd.conf",
54
- "location": "Startup Scripts"
55
- },
56
- {
57
- "entry": " ",
58
- "location": " "
59
- },
60
- {
61
- "entry": "Trend Micro Toolbar",
62
- "location": "Google Chrome Add-ons"
63
- },
64
- {
65
- "entry": "mhuntagent",
66
- "location": "Launch_Daemons"
67
- },
68
- {
69
- "entry": "Tampermonkey",
70
- "location": "Google Chrome Add-ons"
71
- },
72
- {
73
- "entry": "LastPass: Free Password Manager",
74
- "location": "Google Chrome Add-ons"
75
- },
76
- {
77
- "entry": "Ace Script",
78
- "location": "Google Chrome Add-ons"
79
- },
80
- {
81
- "entry": "Webroot Password Manager",
82
- "location": "Google Chrome Add-ons"
83
- },
84
- {
85
- "entry": "1Password extension (desktop app required)",
86
- "location": "Google Chrome Add-ons"
87
- },
88
- {
89
- "entry": "QuickMark QR Code Extension",
90
- "location": "Google Chrome Add-ons"
91
- },
92
- {
93
- "entry": "ZoneAlarm Anti-Phishing",
94
- "location": "Google Chrome Add-ons"
95
- },
96
- {
97
- "entry": "Webroot Password Manager",
98
- "location": "Mozilla Firefox Add-ons"
99
- },
100
- {
101
- "entry": "Tampermonkey",
102
- "location": "Chromium Add-ons"
103
- },
104
- {
105
- "entry": "Solid Savings",
106
- "location": "Mozilla Firefox Add-ons"
107
- },
108
- {
109
- "entry": "Astrmenda Search",
110
- "location": "Mozilla Firefox Add-ons"
111
- },
112
- {
113
- "entry": "",
114
- "location": "C:\\Windows\\Explorer.exe"
115
- },
116
- {
117
- "entry": "LyricsSay-1",
118
- "location": "Google Chrome Add-ons"
119
- },
120
- {
121
- "entry": "Advanced HTML for Gmail/Outlook/Office365",
122
- "location": "Google Chrome Add-ons"
123
- },
124
- {
125
- "entry": "Vosteran Search",
126
- "location": "Mozilla Firefox Add-ons"
127
- },
128
- {
129
- "entry": "CinemaP-1.9cV20.10",
130
- "location": "Google Chrome Add-ons"
131
- },
132
- {
133
- "entry": "Supreme Savings",
134
- "location": "Mozilla Firefox Add-ons"
135
- },
136
- {
137
- "entry": "AOL Toolbar",
138
- "location": "Mozilla Firefox Add-ons"
139
- },
140
- {
141
- "entry": "rc.server",
142
- "location": "Startup Scripts"
143
- },
144
- {
145
- "entry": "Browser Backgrounds",
146
- "location": "Mozilla Firefox Add-ons"
147
- },
148
- {
149
- "entry": "LastPass",
150
- "location": "Google Chrome Add-ons"
151
- },
152
- {
153
- "entry": "Motorola Connect",
154
- "location": "Google Chrome Add-ons"
155
- },
156
- {
157
- "entry": "Tampermonkey BETA",
158
- "location": "Google Chrome Add-ons"
159
- },
160
- {
161
- "entry": "Check Point SandBlast Agent for Browsers",
162
- "location": "Google Chrome Add-ons"
163
- },
164
- {
165
- "entry": "Trend Micro Toolbar",
166
- "location": "Chromium Add-ons"
167
- },
168
- {
169
- "entry": "LastPass",
170
- "location": "Mozilla Firefox Add-ons"
171
- },
172
- {
173
- "entry": "Nano Adblocker",
174
- "location": "Google Chrome Add-ons"
175
- },
176
- {
177
- "entry": "",
178
- "location": "undefined"
179
- },
180
- {
181
- "entry": "923565845ab590c7d7fa8b6547b93748887497ab",
182
- "location": "Login Items"
183
- },
184
- {
185
- "entry": "Shutterfly Exporter",
186
- "location": "Google Chrome Add-ons"
187
- },
188
- {
189
- "entry": "Ripple Wallet",
190
- "location": "Google Chrome Add-ons"
191
- },
192
- {
193
- "entry": "CinemaHd For Pro 2.4cV10.01",
194
- "location": "Opera Add-ons"
195
- },
196
- {
197
- "entry": "Tamil FM and Online Radios",
198
- "location": "Google Chrome Add-ons"
199
- },
200
- {
201
- "entry": "M-Lab Measure",
202
- "location": "Google Chrome Add-ons"
203
- },
204
- {
205
- "entry": "LastPass",
206
- "location": "Chromium Add-ons"
207
- },
208
- {
209
- "entry": "Tampermonkey",
210
- "location": "Opera Add-ons"
211
- },
212
- {
213
- "entry": "Foxtrick",
214
- "location": "Google Chrome Add-ons"
215
- },
216
- {
217
- "entry": "Weather Now",
218
- "location": "Google Chrome Add-ons"
219
- },
220
- {
221
- "entry": "Ace Stream Web Extension",
222
- "location": "Google Chrome Add-ons"
223
- },
224
- {
225
- "entry": "CRM for Gmail",
226
- "location": "Google Chrome Add-ons"
227
- },
228
- {
229
- "entry": "Daily Horoscope",
230
- "location": "Google Chrome Add-ons"
231
- },
232
- {
233
- "entry": "HD-Quality-3.1V15.12",
234
- "location": "Google Chrome Add-ons"
235
- },
236
- {
237
- "entry": "Kaspersky Password Manager",
238
- "location": "Mozilla Firefox Add-ons"
239
- },
240
- {
241
- "entry": "Easy Deals",
242
- "location": "Google Chrome Add-ons"
243
- },
244
- {
245
- "entry": "Webroot",
246
- "location": "Google Chrome Add-ons"
247
- },
248
- {
249
- "entry": "Freeven pro",
250
- "location": "Google Chrome Add-ons"
251
- },
252
- {
253
- "entry": "Plus-HD-V1.6",
254
- "location": "Google Chrome Add-ons"
255
- },
256
- {
257
- "entry": "MyBrowser 1.0.2V24.08",
258
- "location": "Google Chrome Add-ons"
259
- },
260
- {
261
- "entry": "Webroot Password Manager",
262
- "location": "Chromium Add-ons"
263
- },
264
- {
265
- "entry": "Adblock Super",
266
- "location": "Google Chrome Add-ons"
267
- },
268
- {
269
- "entry": "SuperLyrics-1",
270
- "location": "Google Chrome Add-ons"
271
- },
272
- {
273
- "entry": "SavingsApp",
274
- "location": "Mozilla Firefox Add-ons"
275
- },
276
- {
277
- "entry": "Savings Sidekick",
278
- "location": "Mozilla Firefox Add-ons"
279
- },
280
- {
281
- "entry": "Ask Toolbar for Firefox",
282
- "location": "Mozilla Firefox Add-ons"
283
- },
284
- {
285
- "entry": "HD-Quality-3.1V11.12",
286
- "location": "Google Chrome Add-ons"
287
- },
288
- {
289
- "entry": "MyBrowser 1.0.2V16.09",
290
- "location": "Google Chrome Add-ons"
291
- },
292
- {
293
- "entry": "Astromenda Search Addon",
294
- "location": "Mozilla Firefox Add-ons"
295
- },
296
- {
297
- "entry": "StravistiX for Strava",
298
- "location": "Google Chrome Add-ons"
299
- },
300
- {
301
- "entry": "CinPlus-2.4cV24.12",
302
- "location": "Google Chrome Add-ons"
303
- },
304
- {
305
- "entry": "Ace Stream Web Extension",
306
- "location": "Chromium Add-ons"
307
- },
308
- {
309
- "entry": "CyberLink YouCam WebLogin",
310
- "location": "Mozilla Firefox Add-ons"
311
- },
312
- {
313
- "entry": "HQ-Video-Pro-2.1cV30.11",
314
- "location": "Google Chrome Add-ons"
315
- },
316
- {
317
- "entry": "Save to Pocket",
318
- "location": "Google Chrome Add-ons"
319
- },
320
- {
321
- "entry": "Cinema Plus v6V23.07",
322
- "location": "Google Chrome Add-ons"
323
- },
324
- {
325
- "entry": "PlusHD Cinema 2.1cV03.03",
326
- "location": "Google Chrome Add-ons"
327
- },
328
- {
329
- "entry": "Plus-HD-9.5",
330
- "location": "Google Chrome Add-ons"
331
- },
332
- {
333
- "entry": "",
334
- "location": "HKLM/System/CurrentControlSet/Services/"
335
- },
336
- {
337
- "entry": "Adblock",
338
- "location": "Mozilla Firefox Add-ons"
339
- },
340
- {
341
- "entry": "TubeSaver-16",
342
- "location": "Mozilla Firefox Add-ons"
343
- },
344
- {
345
- "entry": "FoxTrick",
346
- "location": "Google Chrome Add-ons"
347
- },
348
- {
349
- "entry": "HDQ-1.2cV26.12",
350
- "location": "Opera Add-ons"
351
- },
352
- {
353
- "entry": "CinePlus-1.44V09.11",
354
- "location": "Google Chrome Add-ons"
355
- },
356
- {
357
- "entry": "Shopping Sidekick",
358
- "location": "Mozilla Firefox Add-ons"
359
- },
360
- {
361
- "entry": "Feven 1.5",
362
- "location": "Google Chrome Add-ons"
363
- },
364
- {
365
- "entry": "CinemaP-1.9cV31.07",
366
- "location": "Google Chrome Add-ons"
367
- },
368
- {
369
- "entry": "CinemaPlus-4.5vV30.07",
370
- "location": "Google Chrome Add-ons"
371
- },
372
- {
373
- "entry": "Cinema_Plus_3.1rV28.10",
374
- "location": "Google Chrome Add-ons"
375
- },
376
- {
377
- "entry": "Coupon Companion Plugin",
378
- "location": "Mozilla Firefox Add-ons"
379
- },
380
- {
381
- "entry": "Plus-HD-2.6",
382
- "location": "Mozilla Firefox Add-ons"
383
- },
384
- {
385
- "entry": "CinemaP-1.9cV07.11",
386
- "location": "Mozilla Firefox Add-ons"
387
- },
388
- {
389
- "entry": "Plus-HD-9.3",
390
- "location": "Google Chrome Add-ons"
391
- },
392
- {
393
- "entry": "Cinema-Plus-1.2",
394
- "location": "Google Chrome Add-ons"
395
- },
396
- {
397
- "entry": "CinemaP-1.3c",
398
- "location": "Google Chrome Add-ons"
399
- },
400
- {
401
- "entry": "Firefox OS 1.3 Simulator",
402
- "location": "Mozilla Firefox Add-ons"
403
- },
404
- {
405
- "entry": "Cinema PlusV17.09",
406
- "location": "Mozilla Firefox Add-ons"
407
- },
408
- {
409
- "entry": "LyricsFan-2",
410
- "location": "Google Chrome Add-ons"
411
- },
412
- {
413
- "entry": "CinePlus-1.44V30.08",
414
- "location": "Google Chrome Add-ons"
415
- },
416
- {
417
- "entry": "CinemaPlus_1.3dV13.05",
418
- "location": "Opera Add-ons"
419
- },
420
- {
421
- "entry": "Plus-HD-V1.6c",
422
- "location": "Mozilla Firefox Add-ons"
423
- },
424
- {
425
- "entry": "HDtubeV1.6V31.10",
426
- "location": "Google Chrome Add-ons"
427
- },
428
- {
429
- "entry": "Cinema PlusV26.03",
430
- "location": "Opera Add-ons"
431
- },
432
- {
433
- "entry": "HQ Video Pro 2.1cV16.06",
434
- "location": "Google Chrome Add-ons"
435
- },
436
- {
437
- "entry": "Plus-HD-9.6",
438
- "location": "Mozilla Firefox Add-ons"
439
- }
440
- ],
47
+ "authentihash": "59f506734a1bedf95e871bc95eb38dae2aede7b48986e2108021c584bb53c685",
48
+ "creation_date": 1330865387,
49
+ "dot_net_guids": {
50
+ "mvid": "5beaa6c7-a8b7-46a2-a2cd-5d878c3b22e6",
51
+ "typelib_id": "728093e4-7457-46be-8e8e-0fdee382cfff"
52
+ },
441
53
  "downloadable": true,
442
54
  "exiftool": {
443
- "FileType": "TXT",
444
- "FileTypeExtension": "txt",
445
- "LineCount": "1",
446
- "MIMEEncoding": "us-ascii",
447
- "MIMEType": "text/plain",
448
- "Newlines": "Unix LF",
449
- "WordCount": "0"
55
+ "AssemblyVersion": "1.3.0.0",
56
+ "CharacterSet": "Unicode",
57
+ "CodeSize": "15360",
58
+ "EntryPoint": "0x5bde",
59
+ "FileFlagsMask": "0x003f",
60
+ "FileOS": "Win32",
61
+ "FileSubtype": "0",
62
+ "FileType": "Win32 EXE",
63
+ "FileTypeExtension": "exe",
64
+ "FileVersion": "1.3.0.0",
65
+ "FileVersionNumber": "1.3.0.0",
66
+ "ImageFileCharacteristics": "Executable, 32-bit",
67
+ "ImageVersion": "0.0",
68
+ "InitializedDataSize": "5120",
69
+ "InternalName": "WindowsApplication1.exe",
70
+ "LanguageCode": "Neutral",
71
+ "LegalCopyright": "WindowsApplication1",
72
+ "LegalTrademarks": "WindowsApplication1",
73
+ "LinkerVersion": "8.0",
74
+ "MIMEType": "application/octet-stream",
75
+ "MachineType": "Intel 386 or later, and compatibles",
76
+ "OSVersion": "4.0",
77
+ "ObjectFileType": "Executable application",
78
+ "OriginalFileName": "WindowsApplication1.exe",
79
+ "PEType": "PE32",
80
+ "ProductVersion": "1.3.0.0",
81
+ "ProductVersionNumber": "1.3.0.0",
82
+ "Subsystem": "Windows GUI",
83
+ "SubsystemVersion": "4.0",
84
+ "TimeStamp": "2012:03:04 13:49:47+01:00",
85
+ "UninitializedDataSize": "0"
450
86
  },
451
- "first_submission_date": 1236257138,
452
- "last_analysis_date": 1599045062,
87
+ "first_seen_itw_date": 1309516636,
88
+ "first_submission_date": 1331065880,
89
+ "last_analysis_date": 1571882366,
453
90
  "last_analysis_results": {
454
91
  "ALYac": {
455
- "category": "undetected",
92
+ "category": "malicious",
456
93
  "engine_name": "ALYac",
457
- "engine_update": "20200902",
94
+ "engine_update": "20191024",
458
95
  "engine_version": "1.1.1.5",
459
96
  "method": "blacklist",
460
- "result": null
97
+ "result": "Gen:Variant.Razy.448897"
461
98
  },
462
99
  "APEX": {
463
- "category": "type-unsupported",
100
+ "category": "malicious",
464
101
  "engine_name": "APEX",
465
- "engine_update": "20200901",
466
- "engine_version": "6.66",
102
+ "engine_update": "20191022",
103
+ "engine_version": "5.76",
467
104
  "method": "blacklist",
468
- "result": null
105
+ "result": "Malicious"
469
106
  },
470
107
  "AVG": {
471
- "category": "undetected",
108
+ "category": "malicious",
472
109
  "engine_name": "AVG",
473
- "engine_update": "20200902",
110
+ "engine_update": "20191024",
474
111
  "engine_version": "18.4.3895.0",
475
112
  "method": "blacklist",
476
- "result": null
113
+ "result": "MSIL:GenMalicious-BHV [Trj]"
477
114
  },
478
115
  "Acronis": {
479
- "category": "type-unsupported",
116
+ "category": "undetected",
480
117
  "engine_name": "Acronis",
481
- "engine_update": "20200806",
482
- "engine_version": "1.1.1.77",
118
+ "engine_update": "20191018",
119
+ "engine_version": "1.1.1.58",
483
120
  "method": "blacklist",
484
121
  "result": null
485
122
  },
486
123
  "Ad-Aware": {
487
- "category": "undetected",
124
+ "category": "malicious",
488
125
  "engine_name": "Ad-Aware",
489
- "engine_update": "20200902",
490
- "engine_version": "3.0.16.117",
126
+ "engine_update": "20191024",
127
+ "engine_version": "3.0.5.370",
491
128
  "method": "blacklist",
492
- "result": null
129
+ "result": "Gen:Variant.Razy.448897"
493
130
  },
494
131
  "AegisLab": {
495
- "category": "undetected",
132
+ "category": "malicious",
496
133
  "engine_name": "AegisLab",
497
- "engine_update": "20200902",
134
+ "engine_update": "20191024",
498
135
  "engine_version": "4.2",
499
136
  "method": "blacklist",
500
- "result": null
137
+ "result": "Adware.MSIL.Generic.lxai"
501
138
  },
502
139
  "AhnLab-V3": {
503
- "category": "undetected",
140
+ "category": "malicious",
504
141
  "engine_name": "AhnLab-V3",
505
- "engine_update": "20200902",
506
- "engine_version": "3.18.1.10026",
142
+ "engine_update": "20191024",
143
+ "engine_version": "3.16.3.25410",
507
144
  "method": "blacklist",
508
- "result": null
145
+ "result": "Win-Trojan/MSILKrypt09.Exp"
509
146
  },
510
147
  "Alibaba": {
511
- "category": "type-unsupported",
148
+ "category": "malicious",
512
149
  "engine_name": "Alibaba",
513
150
  "engine_update": "20190527",
514
151
  "engine_version": "0.3.0.5",
515
152
  "method": "blacklist",
516
- "result": null
153
+ "result": "Backdoor:Win32/Fynloski.ddc60b83"
517
154
  },
518
155
  "Antiy-AVL": {
519
- "category": "undetected",
156
+ "category": "malicious",
520
157
  "engine_name": "Antiy-AVL",
521
- "engine_update": "20200902",
158
+ "engine_update": "20191024",
522
159
  "engine_version": "3.0.0.1",
523
160
  "method": "blacklist",
524
- "result": null
161
+ "result": "Trojan/Win32.Inject"
525
162
  },
526
163
  "Arcabit": {
527
- "category": "undetected",
164
+ "category": "malicious",
528
165
  "engine_name": "Arcabit",
529
- "engine_update": "20200902",
530
- "engine_version": "1.0.0.881",
166
+ "engine_update": "20191024",
167
+ "engine_version": "1.0.0.861",
531
168
  "method": "blacklist",
532
- "result": null
169
+ "result": "Trojan.Razy.D6D981"
533
170
  },
534
171
  "Avast": {
535
- "category": "undetected",
172
+ "category": "malicious",
536
173
  "engine_name": "Avast",
537
- "engine_update": "20200902",
174
+ "engine_update": "20191024",
538
175
  "engine_version": "18.4.3895.0",
539
176
  "method": "blacklist",
540
- "result": null
177
+ "result": "MSIL:GenMalicious-BHV [Trj]"
541
178
  },
542
179
  "Avast-Mobile": {
543
- "category": "type-unsupported",
180
+ "category": "undetected",
544
181
  "engine_name": "Avast-Mobile",
545
- "engine_update": "20200902",
546
- "engine_version": "200902-00",
182
+ "engine_update": "20191012",
183
+ "engine_version": "191012-04",
547
184
  "method": "blacklist",
548
185
  "result": null
549
186
  },
550
187
  "Avira": {
551
- "category": "undetected",
188
+ "category": "malicious",
552
189
  "engine_name": "Avira",
553
- "engine_update": "20200902",
190
+ "engine_update": "20191023",
554
191
  "engine_version": "8.3.3.8",
555
192
  "method": "blacklist",
556
- "result": null
193
+ "result": "TR/Dropper.Gen"
557
194
  },
558
195
  "Baidu": {
559
196
  "category": "undetected",
@@ -564,353 +201,345 @@ http_interactions:
564
201
  "result": null
565
202
  },
566
203
  "BitDefender": {
567
- "category": "undetected",
204
+ "category": "malicious",
568
205
  "engine_name": "BitDefender",
569
- "engine_update": "20200902",
206
+ "engine_update": "20191024",
570
207
  "engine_version": "7.2",
571
208
  "method": "blacklist",
572
- "result": null
573
- },
574
- "BitDefenderTheta": {
575
- "category": "undetected",
576
- "engine_name": "BitDefenderTheta",
577
- "engine_update": "20200902",
578
- "engine_version": "7.2.37796.0",
579
- "method": "blacklist",
580
- "result": null
209
+ "result": "Gen:Variant.Razy.448897"
581
210
  },
582
211
  "Bkav": {
583
212
  "category": "undetected",
584
213
  "engine_name": "Bkav",
585
- "engine_update": "20200901",
586
- "engine_version": "1.3.0.9899",
214
+ "engine_update": "20191023",
215
+ "engine_version": "1.3.0.10239",
587
216
  "method": "blacklist",
588
217
  "result": null
589
218
  },
590
219
  "CAT-QuickHeal": {
591
- "category": "undetected",
220
+ "category": "malicious",
592
221
  "engine_name": "CAT-QuickHeal",
593
- "engine_update": "20200902",
222
+ "engine_update": "20191022",
594
223
  "engine_version": "14.00",
595
224
  "method": "blacklist",
596
- "result": null
225
+ "result": "Trojan.GenericFC.S6053517"
597
226
  },
598
227
  "CMC": {
599
- "category": "undetected",
228
+ "category": "malicious",
600
229
  "engine_name": "CMC",
601
- "engine_update": "20200902",
602
- "engine_version": "2.7.2019.1",
230
+ "engine_update": "20190321",
231
+ "engine_version": "1.1.0.977",
603
232
  "method": "blacklist",
604
- "result": null
233
+ "result": "Trojan.MSIL.Agent!O"
605
234
  },
606
235
  "ClamAV": {
607
- "category": "undetected",
236
+ "category": "malicious",
608
237
  "engine_name": "ClamAV",
609
- "engine_update": "20200901",
610
- "engine_version": "0.102.4.0",
238
+ "engine_update": "20191023",
239
+ "engine_version": "0.102.0.0",
611
240
  "method": "blacklist",
612
- "result": null
241
+ "result": "Win.Trojan.Agent-1389032"
613
242
  },
614
243
  "Comodo": {
615
- "category": "undetected",
244
+ "category": "malicious",
616
245
  "engine_name": "Comodo",
617
- "engine_update": "20200728",
618
- "engine_version": "32668",
246
+ "engine_update": "20191024",
247
+ "engine_version": "31639",
619
248
  "method": "blacklist",
620
- "result": null
249
+ "result": "TrojWare.MSIL.TrojanDropper.Agent.VX@4na2u0"
621
250
  },
622
251
  "CrowdStrike": {
623
- "category": "type-unsupported",
252
+ "category": "malicious",
624
253
  "engine_name": "CrowdStrike",
625
254
  "engine_update": "20190702",
626
255
  "engine_version": "1.0",
627
256
  "method": "blacklist",
628
- "result": null
257
+ "result": "win/malicious_confidence_100% (D)"
629
258
  },
630
259
  "Cybereason": {
631
- "category": "type-unsupported",
260
+ "category": "malicious",
632
261
  "engine_name": "Cybereason",
633
262
  "engine_update": "20190616",
634
263
  "engine_version": "1.2.449",
635
264
  "method": "blacklist",
636
- "result": null
265
+ "result": "malicious.f5a002"
637
266
  },
638
267
  "Cylance": {
639
- "category": "type-unsupported",
268
+ "category": "malicious",
640
269
  "engine_name": "Cylance",
641
- "engine_update": "20200902",
270
+ "engine_update": "20191024",
642
271
  "engine_version": "2.3.1.101",
643
272
  "method": "blacklist",
644
- "result": null
645
- },
646
- "Cynet": {
647
- "category": "undetected",
648
- "engine_name": "Cynet",
649
- "engine_update": "20200902",
650
- "engine_version": "4.0.0.24",
651
- "method": "blacklist",
652
- "result": null
273
+ "result": "Unsafe"
653
274
  },
654
275
  "Cyren": {
655
- "category": "undetected",
276
+ "category": "malicious",
656
277
  "engine_name": "Cyren",
657
- "engine_update": "20200902",
658
- "engine_version": "6.3.0.2",
278
+ "engine_update": "20191024",
279
+ "engine_version": "6.2.2.2",
659
280
  "method": "blacklist",
660
- "result": null
281
+ "result": "W32/A-7f374f2a!Eldorado"
661
282
  },
662
283
  "DrWeb": {
663
- "category": "undetected",
284
+ "category": "malicious",
664
285
  "engine_name": "DrWeb",
665
- "engine_update": "20200902",
666
- "engine_version": "7.0.48.8080",
286
+ "engine_update": "20191024",
287
+ "engine_version": "7.0.41.7240",
667
288
  "method": "blacklist",
668
- "result": null
289
+ "result": "Win32.HLLW.Autoruner.25074"
669
290
  },
670
291
  "ESET-NOD32": {
671
- "category": "undetected",
292
+ "category": "malicious",
672
293
  "engine_name": "ESET-NOD32",
673
- "engine_update": "20200902",
674
- "engine_version": "21921",
294
+ "engine_update": "20191024",
295
+ "engine_version": "20231",
675
296
  "method": "blacklist",
676
- "result": null
677
- },
678
- "Elastic": {
679
- "category": "type-unsupported",
680
- "engine_name": "Elastic",
681
- "engine_update": "20200831",
682
- "engine_version": "4.0.8",
683
- "method": "blacklist",
684
- "result": null
297
+ "result": "a variant of MSIL/Injector.VX"
685
298
  },
686
299
  "Emsisoft": {
687
- "category": "undetected",
300
+ "category": "malicious",
688
301
  "engine_name": "Emsisoft",
689
- "engine_update": "20200902",
302
+ "engine_update": "20191024",
690
303
  "engine_version": "2018.12.0.1641",
691
304
  "method": "blacklist",
692
- "result": null
305
+ "result": "Gen:Variant.Razy.448897 (B)"
306
+ },
307
+ "Endgame": {
308
+ "category": "malicious",
309
+ "engine_name": "Endgame",
310
+ "engine_update": "20190918",
311
+ "engine_version": "3.0.15",
312
+ "method": "blacklist",
313
+ "result": "malicious (high confidence)"
314
+ },
315
+ "F-Prot": {
316
+ "category": "malicious",
317
+ "engine_name": "F-Prot",
318
+ "engine_update": "20191024",
319
+ "engine_version": "4.7.1.166",
320
+ "method": "blacklist",
321
+ "result": "W32/A-7f374f2a!Eldorado"
693
322
  },
694
323
  "F-Secure": {
695
- "category": "undetected",
324
+ "category": "malicious",
696
325
  "engine_name": "F-Secure",
697
- "engine_update": "20200902",
326
+ "engine_update": "20191024",
698
327
  "engine_version": "12.0.86.52",
699
328
  "method": "blacklist",
700
- "result": null
329
+ "result": "Trojan.TR/Dropper.Gen"
701
330
  },
702
331
  "FireEye": {
703
- "category": "undetected",
332
+ "category": "malicious",
704
333
  "engine_name": "FireEye",
705
- "engine_update": "20200902",
706
- "engine_version": "32.36.1.0",
334
+ "engine_update": "20191024",
335
+ "engine_version": "29.7.0.0",
707
336
  "method": "blacklist",
708
- "result": null
337
+ "result": "Generic.mg.e2a1373f5a0024b8"
709
338
  },
710
339
  "Fortinet": {
711
- "category": "undetected",
340
+ "category": "malicious",
712
341
  "engine_name": "Fortinet",
713
- "engine_update": "20200902",
714
- "engine_version": "6.2.142.0",
342
+ "engine_update": "20191024",
343
+ "engine_version": "5.4.247.0",
715
344
  "method": "blacklist",
716
- "result": null
345
+ "result": "MSIL/Injector.VCX!tr"
717
346
  },
718
347
  "GData": {
719
- "category": "undetected",
348
+ "category": "malicious",
720
349
  "engine_name": "GData",
721
- "engine_update": "20200902",
722
- "engine_version": "A:25.26854B:27.20024",
350
+ "engine_update": "20191024",
351
+ "engine_version": "A:25.23753B:26.16399",
723
352
  "method": "blacklist",
724
- "result": null
353
+ "result": "Gen:Variant.Razy.448897"
725
354
  },
726
355
  "Ikarus": {
727
- "category": "undetected",
356
+ "category": "malicious",
728
357
  "engine_name": "Ikarus",
729
- "engine_update": "20200902",
358
+ "engine_update": "20191023",
730
359
  "engine_version": "0.1.5.2",
731
360
  "method": "blacklist",
732
- "result": null
361
+ "result": "Trojan-Dropper"
733
362
  },
734
363
  "Invincea": {
735
- "category": "undetected",
364
+ "category": "malicious",
736
365
  "engine_name": "Invincea",
737
- "engine_update": "20200902",
738
- "engine_version": "1.0.1.0",
366
+ "engine_update": "20190904",
367
+ "engine_version": "6.3.6.26157",
739
368
  "method": "blacklist",
740
- "result": null
369
+ "result": "heuristic"
741
370
  },
742
371
  "Jiangmin": {
743
- "category": "undetected",
372
+ "category": "malicious",
744
373
  "engine_name": "Jiangmin",
745
- "engine_update": "20200902",
374
+ "engine_update": "20191024",
746
375
  "engine_version": "16.0.100",
747
376
  "method": "blacklist",
748
- "result": null
377
+ "result": "Trojan.Generic.adixj"
749
378
  },
750
379
  "K7AntiVirus": {
751
- "category": "undetected",
380
+ "category": "malicious",
752
381
  "engine_name": "K7AntiVirus",
753
- "engine_update": "20200902",
754
- "engine_version": "11.133.35137",
382
+ "engine_update": "20191023",
383
+ "engine_version": "11.74.32344",
755
384
  "method": "blacklist",
756
- "result": null
385
+ "result": "Trojan ( 00363f4b1 )"
757
386
  },
758
387
  "K7GW": {
759
- "category": "undetected",
388
+ "category": "malicious",
760
389
  "engine_name": "K7GW",
761
- "engine_update": "20200902",
762
- "engine_version": "11.133.35139",
390
+ "engine_update": "20191023",
391
+ "engine_version": "11.74.32341",
763
392
  "method": "blacklist",
764
- "result": null
393
+ "result": "Trojan ( 00363f4b1 )"
765
394
  },
766
395
  "Kaspersky": {
767
- "category": "undetected",
396
+ "category": "malicious",
768
397
  "engine_name": "Kaspersky",
769
- "engine_update": "20200902",
398
+ "engine_update": "20191024",
770
399
  "engine_version": "15.0.1.13",
771
400
  "method": "blacklist",
772
- "result": null
401
+ "result": "HEUR:Trojan.Win32.Generic"
773
402
  },
774
403
  "Kingsoft": {
775
404
  "category": "undetected",
776
405
  "engine_name": "Kingsoft",
777
- "engine_update": "20200902",
406
+ "engine_update": "20191024",
778
407
  "engine_version": "2013.8.14.323",
779
408
  "method": "blacklist",
780
409
  "result": null
781
410
  },
782
411
  "MAX": {
783
- "category": "undetected",
412
+ "category": "malicious",
784
413
  "engine_name": "MAX",
785
- "engine_update": "20200902",
414
+ "engine_update": "20191024",
786
415
  "engine_version": "2019.9.16.1",
787
416
  "method": "blacklist",
788
- "result": null
417
+ "result": "malware (ai score=98)"
789
418
  },
790
419
  "Malwarebytes": {
791
- "category": "undetected",
420
+ "category": "malicious",
792
421
  "engine_name": "Malwarebytes",
793
- "engine_update": "20200902",
794
- "engine_version": "3.6.4.335",
422
+ "engine_update": "20191024",
423
+ "engine_version": "2.1.1.1115",
795
424
  "method": "blacklist",
796
- "result": null
425
+ "result": "Worm.Ainslot"
797
426
  },
798
427
  "MaxSecure": {
799
428
  "category": "undetected",
800
429
  "engine_name": "MaxSecure",
801
- "engine_update": "20200901",
430
+ "engine_update": "20191021",
802
431
  "engine_version": "1.0.0.1",
803
432
  "method": "blacklist",
804
433
  "result": null
805
434
  },
806
435
  "McAfee": {
807
- "category": "undetected",
436
+ "category": "malicious",
808
437
  "engine_name": "McAfee",
809
- "engine_update": "20200902",
438
+ "engine_update": "20191024",
810
439
  "engine_version": "6.0.6.653",
811
440
  "method": "blacklist",
812
- "result": null
441
+ "result": "GenericRXAL-AY!E2A1373F5A00"
442
+ },
443
+ "McAfee-GW-Edition": {
444
+ "category": "malicious",
445
+ "engine_name": "McAfee-GW-Edition",
446
+ "engine_update": "20191023",
447
+ "engine_version": "v2017.3010",
448
+ "method": "blacklist",
449
+ "result": "GenericRXAL-AY!E2A1373F5A00"
813
450
  },
814
451
  "MicroWorld-eScan": {
815
- "category": "undetected",
452
+ "category": "malicious",
816
453
  "engine_name": "MicroWorld-eScan",
817
- "engine_update": "20200902",
818
- "engine_version": "14.0.409.0",
454
+ "engine_update": "20191024",
455
+ "engine_version": "14.0.297.0",
819
456
  "method": "blacklist",
820
- "result": null
457
+ "result": "Gen:Variant.Razy.448897"
821
458
  },
822
459
  "Microsoft": {
823
- "category": "undetected",
460
+ "category": "malicious",
824
461
  "engine_name": "Microsoft",
825
- "engine_update": "20200902",
826
- "engine_version": "1.1.17400.5",
462
+ "engine_update": "20191024",
463
+ "engine_version": "1.1.16500.1",
827
464
  "method": "blacklist",
828
- "result": null
465
+ "result": "Backdoor:Win32/Fynloski.A"
829
466
  },
830
467
  "NANO-Antivirus": {
831
- "category": "undetected",
468
+ "category": "malicious",
832
469
  "engine_name": "NANO-Antivirus",
833
- "engine_update": "20200902",
834
- "engine_version": "1.0.134.25140",
470
+ "engine_update": "20191024",
471
+ "engine_version": "1.0.134.24859",
835
472
  "method": "blacklist",
836
- "result": null
473
+ "result": "Trojan.Win32.Win32.dccrbj"
837
474
  },
838
475
  "Paloalto": {
839
- "category": "type-unsupported",
476
+ "category": "undetected",
840
477
  "engine_name": "Paloalto",
841
- "engine_update": "20200902",
478
+ "engine_update": "20191024",
842
479
  "engine_version": "1.0",
843
480
  "method": "blacklist",
844
481
  "result": null
845
482
  },
846
483
  "Panda": {
847
- "category": "undetected",
484
+ "category": "malicious",
848
485
  "engine_name": "Panda",
849
- "engine_update": "20200902",
486
+ "engine_update": "20191023",
850
487
  "engine_version": "4.6.4.2",
851
488
  "method": "blacklist",
852
- "result": null
489
+ "result": "Generic Malware"
853
490
  },
854
491
  "Qihoo-360": {
855
- "category": "undetected",
492
+ "category": "malicious",
856
493
  "engine_name": "Qihoo-360",
857
- "engine_update": "20200902",
494
+ "engine_update": "20191024",
858
495
  "engine_version": "1.0.0.1120",
859
496
  "method": "blacklist",
860
- "result": null
497
+ "result": "HEUR/Malware.QVM03.Gen"
861
498
  },
862
499
  "Rising": {
863
- "category": "undetected",
500
+ "category": "malicious",
864
501
  "engine_name": "Rising",
865
- "engine_update": "20200902",
866
- "engine_version": "25.0.0.26",
502
+ "engine_update": "20191024",
503
+ "engine_version": "25.0.0.24",
867
504
  "method": "blacklist",
868
- "result": null
505
+ "result": "Backdoor.Fynloski!8.1FD (TFE:C:qcZJhR0LIuT)"
869
506
  },
870
507
  "SUPERAntiSpyware": {
871
- "category": "undetected",
508
+ "category": "malicious",
872
509
  "engine_name": "SUPERAntiSpyware",
873
- "engine_update": "20200828",
510
+ "engine_update": "20191019",
874
511
  "engine_version": "5.6.0.1032",
875
512
  "method": "blacklist",
876
- "result": null
877
- },
878
- "Sangfor": {
879
- "category": "undetected",
880
- "engine_name": "Sangfor",
881
- "engine_update": "20200814",
882
- "engine_version": "1.0",
883
- "method": "blacklist",
884
- "result": null
513
+ "result": "Trojan.Agent/Gen-Injector"
885
514
  },
886
515
  "SentinelOne": {
887
- "category": "type-unsupported",
516
+ "category": "malicious",
888
517
  "engine_name": "SentinelOne",
889
- "engine_update": "20200724",
890
- "engine_version": "4.4.0.0",
518
+ "engine_update": "20190807",
519
+ "engine_version": "1.0.31.22",
891
520
  "method": "blacklist",
892
- "result": null
521
+ "result": "DFI - Malicious PE"
893
522
  },
894
523
  "Sophos": {
895
- "category": "undetected",
524
+ "category": "malicious",
896
525
  "engine_name": "Sophos",
897
- "engine_update": "20200902",
526
+ "engine_update": "20191023",
898
527
  "engine_version": "4.98.0",
899
528
  "method": "blacklist",
900
- "result": null
529
+ "result": "Mal/Generic-S"
901
530
  },
902
531
  "Symantec": {
903
- "category": "undetected",
532
+ "category": "malicious",
904
533
  "engine_name": "Symantec",
905
- "engine_update": "20200902",
906
- "engine_version": "1.12.0.0",
534
+ "engine_update": "20191023",
535
+ "engine_version": "1.11.0.0",
907
536
  "method": "blacklist",
908
- "result": null
537
+ "result": "ML.Attribute.HighConfidence"
909
538
  },
910
539
  "SymantecMobileInsight": {
911
540
  "category": "type-unsupported",
912
541
  "engine_name": "SymantecMobileInsight",
913
- "engine_update": "20200813",
542
+ "engine_update": "20191023",
914
543
  "engine_version": "2.0",
915
544
  "method": "blacklist",
916
545
  "result": null
@@ -918,15 +547,15 @@ http_interactions:
918
547
  "TACHYON": {
919
548
  "category": "undetected",
920
549
  "engine_name": "TACHYON",
921
- "engine_update": "20200902",
922
- "engine_version": "2020-09-02.02",
550
+ "engine_update": "20191024",
551
+ "engine_version": "2019-10-24.01",
923
552
  "method": "blacklist",
924
553
  "result": null
925
554
  },
926
555
  "Tencent": {
927
556
  "category": "undetected",
928
557
  "engine_name": "Tencent",
929
- "engine_update": "20200902",
558
+ "engine_update": "20191024",
930
559
  "engine_version": "1.0.0.1",
931
560
  "method": "blacklist",
932
561
  "result": null
@@ -934,104 +563,104 @@ http_interactions:
934
563
  "TotalDefense": {
935
564
  "category": "undetected",
936
565
  "engine_name": "TotalDefense",
937
- "engine_update": "20200902",
566
+ "engine_update": "20191023",
938
567
  "engine_version": "37.1.62.1",
939
568
  "method": "blacklist",
940
569
  "result": null
941
570
  },
942
- "TrendMicro": {
571
+ "Trapmine": {
943
572
  "category": "undetected",
573
+ "engine_name": "Trapmine",
574
+ "engine_update": "20190826",
575
+ "engine_version": "3.1.81.800",
576
+ "method": "blacklist",
577
+ "result": null
578
+ },
579
+ "TrendMicro": {
580
+ "category": "malicious",
944
581
  "engine_name": "TrendMicro",
945
- "engine_update": "20200902",
582
+ "engine_update": "20191024",
946
583
  "engine_version": "11.0.0.1006",
947
584
  "method": "blacklist",
948
- "result": null
585
+ "result": "TROJ_GEN.R002C0CJJ19"
949
586
  },
950
587
  "TrendMicro-HouseCall": {
951
- "category": "undetected",
588
+ "category": "malicious",
952
589
  "engine_name": "TrendMicro-HouseCall",
953
- "engine_update": "20200902",
590
+ "engine_update": "20191024",
954
591
  "engine_version": "10.0.0.1040",
955
592
  "method": "blacklist",
956
- "result": null
593
+ "result": "TROJ_GEN.R002C0CJJ19"
957
594
  },
958
595
  "Trustlook": {
959
596
  "category": "type-unsupported",
960
597
  "engine_name": "Trustlook",
961
- "engine_update": "20200902",
598
+ "engine_update": "20191024",
962
599
  "engine_version": "1.0",
963
600
  "method": "blacklist",
964
601
  "result": null
965
602
  },
966
603
  "VBA32": {
967
- "category": "undetected",
604
+ "category": "malicious",
968
605
  "engine_name": "VBA32",
969
- "engine_update": "20200902",
970
- "engine_version": "4.4.1",
606
+ "engine_update": "20191023",
607
+ "engine_version": "4.2.0",
971
608
  "method": "blacklist",
972
- "result": null
609
+ "result": "Trojan.Stealer"
973
610
  },
974
611
  "VIPRE": {
975
- "category": "undetected",
612
+ "category": "malicious",
976
613
  "engine_name": "VIPRE",
977
- "engine_update": "20200902",
978
- "engine_version": "86384",
614
+ "engine_update": "20191024",
615
+ "engine_version": "78804",
979
616
  "method": "blacklist",
980
- "result": null
617
+ "result": "Trojan.Win32.Generic!BT"
981
618
  },
982
619
  "ViRobot": {
983
620
  "category": "undetected",
984
621
  "engine_name": "ViRobot",
985
- "engine_update": "20200902",
622
+ "engine_update": "20191023",
986
623
  "engine_version": "2014.3.20.0",
987
624
  "method": "blacklist",
988
625
  "result": null
989
626
  },
990
627
  "Webroot": {
991
- "category": "type-unsupported",
628
+ "category": "malicious",
992
629
  "engine_name": "Webroot",
993
- "engine_update": "20200902",
630
+ "engine_update": "20191024",
994
631
  "engine_version": "1.0.0.403",
995
632
  "method": "blacklist",
996
- "result": null
633
+ "result": "W32.Dropper.Gen"
997
634
  },
998
635
  "Yandex": {
999
- "category": "undetected",
636
+ "category": "malicious",
1000
637
  "engine_name": "Yandex",
1001
- "engine_update": "20200901",
638
+ "engine_update": "20191023",
1002
639
  "engine_version": "5.5.2.24",
1003
640
  "method": "blacklist",
1004
- "result": null
641
+ "result": "Trojan.Agent!V+Ry11PvhKQ"
1005
642
  },
1006
643
  "Zillya": {
1007
- "category": "undetected",
644
+ "category": "malicious",
1008
645
  "engine_name": "Zillya",
1009
- "engine_update": "20200901",
1010
- "engine_version": "2.0.0.4166",
646
+ "engine_update": "20191023",
647
+ "engine_version": "2.0.0.3931",
1011
648
  "method": "blacklist",
1012
- "result": null
649
+ "result": "Dropper.Injector.Win32.17840"
1013
650
  },
1014
651
  "ZoneAlarm": {
1015
- "category": "undetected",
652
+ "category": "malicious",
1016
653
  "engine_name": "ZoneAlarm",
1017
- "engine_update": "20200902",
654
+ "engine_update": "20191024",
1018
655
  "engine_version": "1.0",
1019
656
  "method": "blacklist",
1020
- "result": null
657
+ "result": "HEUR:Trojan.Win32.Generic"
1021
658
  },
1022
659
  "Zoner": {
1023
660
  "category": "undetected",
1024
661
  "engine_name": "Zoner",
1025
- "engine_update": "20200901",
1026
- "engine_version": "0.0.0.0",
1027
- "method": "blacklist",
1028
- "result": null
1029
- },
1030
- "eGambit": {
1031
- "category": "type-unsupported",
1032
- "engine_name": "eGambit",
1033
- "engine_update": "20200902",
1034
- "engine_version": null,
662
+ "engine_update": "20191021",
663
+ "engine_version": "1.0.0.1",
1035
664
  "method": "blacklist",
1036
665
  "result": null
1037
666
  }
@@ -1040,189 +669,177 @@ http_interactions:
1040
669
  "confirmed-timeout": 0,
1041
670
  "failure": 0,
1042
671
  "harmless": 0,
1043
- "malicious": 0,
672
+ "malicious": 57,
1044
673
  "suspicious": 0,
1045
674
  "timeout": 0,
1046
- "type-unsupported": 14,
1047
- "undetected": 59
675
+ "type-unsupported": 2,
676
+ "undetected": 13
1048
677
  },
1049
- "last_modification_date": 1599055327,
1050
- "last_submission_date": 1599045062,
1051
- "magic": "very short file (no magic)",
1052
- "md5": "68b329da9893e34099c7d8ad5cb9c940",
1053
- "meaningful_name": "standalone-framework.js",
678
+ "last_modification_date": 1591850641,
679
+ "last_submission_date": 1571482228,
680
+ "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly",
681
+ "md5": "e2a1373f5a0024b81742be35880f9422",
682
+ "meaningful_name": "WindowsApplication1.exe",
1054
683
  "names": [
1055
- "432894.js",
1056
- "logo_image.php",
1057
- "download-redtube-videos-de-2",
1058
- "index.html",
1059
- "missouri-payday-loans-online-2",
1060
- "real-hook-up-sites",
1061
- "wjrfwuxtcflts2gxbgddk0flt0n6a3vtwkrfshdqy1yrtfbcnnrksw5qa01ia243nm5wngxbsflyshzxrglawwvjzwfxdjv1z3z5qzzeyjrtq1hmcgpdvmy4ymy3cdd3rm95oudrmwjdq3bza1nmy3j2ylz5tzfrbddyddngtcs=",
1062
- "index.php",
1063
- "pjx",
1064
- "cecc",
1065
- "/var/www/clean-mx/virusesevidence/output.124266458.txt",
1066
- "lg.php",
1067
- "174e",
1068
- "SGF-1000-Fact-Sheet.pdf",
1069
- "mkbnetbankar.hu",
1070
- "playing",
1071
- "internet-brides-2",
1072
- "stanislav-kravcov",
1073
- "c+++dlls+in+labview",
1074
- "psa",
1075
- "rlz",
1076
- "12",
1077
- "onlineeduhelp",
1078
- "bms.exe",
1079
- "fs.html)",
1080
- "error_404.html",
1081
- "cbd-oildiscount-website",
1082
- "index.htm",
1083
- "20141106144718814148788.doc",
1084
- "education-school-tips",
1085
- "educational-innovation",
1086
- "camcrush-webcam-chat-rooms-2",
1087
- "bgclive-review-2",
1088
- "ARLConsulSetup.exe",
1089
- "OO",
1090
- "proceso.php",
1091
- "bJxzZMKUFX",
1092
- "edutrik",
1093
- "annotatedbibliography",
1094
- "/var/www/clean-mx/virusesevidence/output.124357766.txt",
1095
- "xkhqaghyIRApCdjid",
1096
- "classified-hookup-sites-2",
1097
- "excelz",
1098
- "6yFdvLUwfxM7PhxJHy",
1099
- "JMRGBOPS2DLCREVOLUTION",
1100
- "pornporn.online",
1101
- "wxYee",
1102
- "super-monopoly-money-slot-loophole",
1103
- "edutrics",
1104
- "pxre-ns-297",
1105
- "D0hEXxcZIagKUzDIp",
1106
- "sound_e",
1107
- "68b329da9893e34099c7d8ad5cb9c940.js",
1108
- "feature-03",
1109
- "smrd.htm",
1110
- "main05.php",
1111
- "main02.php",
1112
- "main01.php",
1113
- "MiqrGsUEOVy4ijhIX",
1114
- "location",
1115
- "getkey.php",
1116
- "/var/www/clean-mx/virusesevidence/output.124408803.txt",
1117
- "MainLink.do",
1118
- "q3FDOwcVQhXwwBhPvFZ",
1119
- "854a636e94caea74b94de7d70b432476.csv",
1120
- "edu",
1121
- "fzn",
1122
- "top-custom-writers",
1123
- "essaytips",
1124
- "KTU84Q)&v=3&latitude=0.0&longitude=0.0&um5=1d1c54240f4e8e173862433d29a52ca5&o1=e8ff46a1bde24167e4cc614c686c7b18b222de1f",
1125
- "tcr6atzyle9c_4o0v4h-495844678765",
1126
- "interracial-dating-central-dating-2",
1127
- "light_image",
1128
- "msg.jpg",
1129
- "false",
1130
- "gs10h51fg16p_oggx8swk2m",
1131
- "new-jersey-governor-signs-athletics-betting-42",
1132
- "before-you-are-left-behind-what-you-have-to-do-to",
1133
- "thinking-about-core-aspects-of-russiansbrides",
1134
- "almost-all-important-online-casino-companies",
1135
- "help-with-python-homework",
1136
- "paper-writing-tips",
1137
- "54805244615",
1138
- "database.txt",
1139
- "d0%EF%BF%BD%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D1%8F:%D0%9C.%D0%92%D0%B8%D0%B4%D0%B5%D0%BE-%D0%AD%D0%BB%D1%8C%D0%B4%D0%BE%D1%80%D0%B0%D0%B4%D0%BE",
1140
- "m0uhxhf6tpgspmzi",
1141
- "analytics.php",
1142
- "stock",
1143
- "k.php",
1144
- "zLykJ-ETE7liAemnpIGW_qgDQuEJLY-Ye8",
1145
- "/var/www/clean-mx/virusesevidence/output.124529869.txt",
1146
- "dl.php",
1147
- "authorization.css",
1148
- "t.php",
1149
- "M9Spglia8HrDzf3DSr",
1150
- "777.freshteens.site",
1151
- "main03.php",
1152
- "404.html",
1153
- "20200808",
1154
- "test"
684
+ "%WINDIR%\\syswow64\\authcl.exe",
685
+ "WindowsApplication1.exe",
686
+ "myfile.exe",
687
+ "e2a1373f5a0024b81742be35880f9422",
688
+ "file-3634492_exe",
689
+ "c:/aa/aa",
690
+ "C:\\Nb0r\\BUYQCKY.vcf",
691
+ "C:\\fuAqk\\qfbN7B85\\bMrhSZ.tgz"
1155
692
  ],
1156
- "nsrl_info": {
1157
- "filenames": [
1158
- "NOOP.RULES, RESOLV.CONF",
1159
- "extralibs.ld",
1160
- "Recorder.bat, admin.passwd",
1161
- "EXTRALIB.LD, NOOP.RUL",
1162
- "CTX, HMETOPMG, NOOP.RUL, PMGRP, PMGSEG",
1163
- "DISK_1, DISK_2",
1164
- "disk_1, disk_2, disk_3",
1165
- "DUMMY.MPG",
1166
- "NNTPSERV, NOOP.RUL, UUCP_UC0.M4",
1167
- "BJC820",
1168
- "GSYSTAG.FON",
1169
- "AT.DEN, EXTRALIB.LD",
1170
- "EXTRALIBS.LD, GSYSTAG.FON",
1171
- "noop.rules",
1172
- "certify",
1173
- "master.admin.conf",
1174
- "EXTRALIB.LD",
1175
- "_relops_template.h, setupserver_UNIX_SOLSG.ini",
1176
- "PMGSEG",
1177
- "2040, 2040.dump, dat, pidfile"
693
+ "packers": {
694
+ "PEiD": ".NET executable"
695
+ },
696
+ "pe_info": {
697
+ "entry_point": 23518,
698
+ "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
699
+ "import_list": [
700
+ {
701
+ "imported_functions": [
702
+ "_CorExeMain"
703
+ ],
704
+ "library_name": "mscoree.dll"
705
+ }
1178
706
  ],
1179
- "products": [
1180
- "Linux (Corel Corporation)",
1181
- "MySQL (NuSphere Corporation)",
1182
- "Tivoli Manager (Tivoli)",
1183
- "SunSolve (Sun Microsystems)",
1184
- "Solaris (Sun Microsystems)",
1185
- "Solaris Server (Sun Microsystems)",
1186
- "OmniSwitch MPM (Xylan Corporation)",
1187
- "Omni S/R MPX (Xylan Corporation)",
1188
- "Oracle Video Server (Oracle)",
1189
- "Linux Developers Resource (InfoMagic Inc.)",
1190
- "Ultra Pack (Sun Microsystems)",
1191
- "Windows 2000 Server Resource Kit (Microsoft)",
1192
- "Mac OS X (Apple Computer Inc.)",
1193
- "Platforms, Servers, Applications (Microsoft)",
1194
- "Applications, Platforms, Servers (Microsoft)",
1195
- "Red Hat Linux (Red Hat Software Inc.)",
1196
- "Windows XP (Microsoft)",
1197
- "Windows DDks (Microsoft)",
1198
- "Windows 2000 Versions (Microsoft)",
1199
- "Sun ONE Advantage Software (Sun Microsystems)"
1200
- ]
707
+ "machine_type": 332,
708
+ "overlay": {
709
+ "chi2": 1014207.75,
710
+ "entropy": 6.000185966491699,
711
+ "filetype": "ASCII text",
712
+ "md5": "c707031a565895f35e0ca2234fd707fc",
713
+ "offset": 20992,
714
+ "size": 337992
715
+ },
716
+ "resource_details": [
717
+ {
718
+ "chi2": 46193.4609375,
719
+ "entropy": 2.7141945362091064,
720
+ "filetype": "data",
721
+ "lang": "NEUTRAL",
722
+ "sha256": "7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31",
723
+ "type": "RT_ICON"
724
+ },
725
+ {
726
+ "chi2": 22977.515625,
727
+ "entropy": 2.536116123199463,
728
+ "filetype": "data",
729
+ "lang": "NEUTRAL",
730
+ "sha256": "bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1",
731
+ "type": "RT_ICON"
732
+ },
733
+ {
734
+ "chi2": 2285.05859375,
735
+ "entropy": 2.477025032043457,
736
+ "filetype": "data",
737
+ "lang": "NEUTRAL",
738
+ "sha256": "e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda",
739
+ "type": "RT_GROUP_ICON"
740
+ },
741
+ {
742
+ "chi2": 59830.9453125,
743
+ "entropy": 3.3242666721343994,
744
+ "filetype": "data",
745
+ "lang": "NEUTRAL",
746
+ "sha256": "5b181f966455046910c9c74bbcb492165632ea11500b046bef9a9cfbf8012c12",
747
+ "type": "RT_VERSION"
748
+ },
749
+ {
750
+ "chi2": 29694.9140625,
751
+ "entropy": 4.939681053161621,
752
+ "filetype": "data",
753
+ "lang": "NEUTRAL",
754
+ "sha256": "cc128d68001f9e550cb5a7f3b740f75fd55f1a51aded97193edc9ab8dd72c3f4",
755
+ "type": "RT_MANIFEST"
756
+ }
757
+ ],
758
+ "resource_langs": {
759
+ "NEUTRAL": 5
760
+ },
761
+ "resource_types": {
762
+ "RT_GROUP_ICON": 1,
763
+ "RT_ICON": 2,
764
+ "RT_MANIFEST": 1,
765
+ "RT_VERSION": 1
766
+ },
767
+ "sections": [
768
+ {
769
+ "entropy": 5.78,
770
+ "md5": "c561514eedc1858cdd530ff239b7dd54",
771
+ "name": ".text",
772
+ "raw_size": 15360,
773
+ "virtual_address": 8192,
774
+ "virtual_size": 15332
775
+ },
776
+ {
777
+ "entropy": 4.74,
778
+ "md5": "22ddefbb74b0ba2a9136d88159dc874a",
779
+ "name": ".rsrc",
780
+ "raw_size": 4608,
781
+ "virtual_address": 24576,
782
+ "virtual_size": 4432
783
+ },
784
+ {
785
+ "entropy": 0.08,
786
+ "md5": "7ad653a900bf1dc0a5927a51215d2ebe",
787
+ "name": ".reloc",
788
+ "raw_size": 512,
789
+ "virtual_address": 32768,
790
+ "virtual_size": 12
791
+ }
792
+ ],
793
+ "timestamp": 1330865387
1201
794
  },
1202
- "reputation": -539,
1203
- "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
795
+ "reputation": 0,
796
+ "sha1": "d5fe4a085524645eb895dfff34e96cf2d1e9657f",
1204
797
  "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
1205
- "size": 1,
1206
- "ssdeep": "3:v:v",
798
+ "signature_info": {
799
+ "copyright": "WindowsApplication1",
800
+ "description": " ",
801
+ "file version": "1.3.0.0",
802
+ "internal name": "WindowsApplication1.exe",
803
+ "original name": "WindowsApplication1.exe"
804
+ },
805
+ "size": 358984,
806
+ "ssdeep": "6144:94VnmIRuxqDVQ4UFM7H9fdLXC2s2ibVjhSTagxnpzI+cqrwkTlUH157veB:Kn6GQ48MDJ99TaMpzz7rwkTlUHXO",
1207
807
  "tags": [
1208
- "nsrl",
1209
- "attachment",
1210
- "trusted",
1211
- "via-tor"
808
+ "peexe",
809
+ "assembly",
810
+ "overlay"
1212
811
  ],
1213
- "times_submitted": 12306,
812
+ "times_submitted": 3,
1214
813
  "total_votes": {
1215
- "harmless": 32,
1216
- "malicious": 93
1217
- },
1218
- "trusted_verdict": {
1219
- "filename": "standalone-framework.js",
1220
- "generator": "Microsoft Corporation",
1221
- "organization": "Microsoft Corporation",
1222
- "verdict": "goodware"
814
+ "harmless": 0,
815
+ "malicious": 0
1223
816
  },
1224
- "type_description": "unknown",
1225
- "unique_sources": 964
817
+ "trid": [
818
+ {
819
+ "file_type": "Generic CIL Executable (.NET, Mono, etc.)",
820
+ "probability": 55.8
821
+ },
822
+ {
823
+ "file_type": "Win64 Executable (generic)",
824
+ "probability": 21.0
825
+ },
826
+ {
827
+ "file_type": "Windows screen saver",
828
+ "probability": 9.9
829
+ },
830
+ {
831
+ "file_type": "Win32 Dynamic Link Library (generic)",
832
+ "probability": 5.0
833
+ },
834
+ {
835
+ "file_type": "Win32 Executable (generic)",
836
+ "probability": 3.4
837
+ }
838
+ ],
839
+ "type_description": "Win32 EXE",
840
+ "type_tag": "peexe",
841
+ "unique_sources": 3,
842
+ "vhash": "235036555511507a1230050"
1226
843
  },
1227
844
  "id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
1228
845
  "links": {
@@ -1232,5 +849,5 @@ http_interactions:
1232
849
  }
1233
850
  }
1234
851
  http_version:
1235
- recorded_at: Wed, 02 Sep 2020 14:02:33 GMT
852
+ recorded_at: Tue, 29 Sep 2020 10:22:20 GMT
1236
853
  recorded_with: VCR 5.0.0