virustotal_api 0.5.0 → 0.5.5
- checksums.yaml +4 -4
- data/.github/ISSUE_TEMPLATE/bug_report.md +38 -0
- data/.github/ISSUE_TEMPLATE/feature_request.md +20 -0
- data/.github/pull_request_template.md +11 -0
- data/.github/workflows/ruby.yml +43 -4
- data/CHANGELOG.md +25 -1
- data/README.md +53 -3
- data/lib/virustotal_api.rb +2 -0
- data/lib/virustotal_api/analysis.rb +0 -8
- data/lib/virustotal_api/base.rb +23 -7
- data/lib/virustotal_api/domain.rb +0 -6
- data/lib/virustotal_api/file.rb +21 -10
- data/lib/virustotal_api/group.rb +18 -0
- data/lib/virustotal_api/ip.rb +0 -6
- data/lib/virustotal_api/url.rb +0 -8
- data/lib/virustotal_api/user.rb +18 -0
- data/lib/virustotal_api/version.rb +1 -1
- data/test/analysis_test.rb +4 -1
- data/test/base_test.rb +15 -0
- data/test/domain_test.rb +3 -8
- data/test/exceptions_test.rb +8 -0
- data/test/file_test.rb +31 -26
- data/test/fixtures/domain_bad_request.yml +52 -0
- data/test/fixtures/file_find.yml +441 -824
- data/test/fixtures/file_not_found.yml +52 -0
- data/test/fixtures/file_rate_limit.yml +52 -0
- data/test/fixtures/file_upload.yml +1 -1
- data/test/fixtures/group_find.yml +216 -0
- data/test/fixtures/large_file_upload.yml +99 -0
- data/test/fixtures/user_find.yml +213 -0
- data/test/group_test.rb +27 -0
- data/test/ip_test.rb +2 -0
- data/test/url_test.rb +8 -26
- data/test/user_test.rb +26 -0
- data/virustotal_api.gemspec +1 -1
- metadata +24 -5
- data/.circleci/config.yml +0 -23
- data/.github/ISSUE_TEMPLATE.md +0 -15
@@ -0,0 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'base'
|
4
|
+
|
5
|
+
module VirustotalAPI
|
6
|
+
# A class for '/groups' API
|
7
|
+
class Group < Base
|
8
|
+
# Find a Group.
|
9
|
+
#
|
10
|
+
# @param [String] group_id to find
|
11
|
+
# @param [String] api_key The key for virustotal
|
12
|
+
# @return [VirustotalAPI::User] Report
|
13
|
+
def self.find(group_id, api_key)
|
14
|
+
report = perform("/groups/#{group_id}", api_key)
|
15
|
+
new(report)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
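--- a/data/lib/virustotal_api/ip.rb
+++ b/data/lib/virustotal_api/ip.rb
@@ -5,11 +5,6 @@ require_relative 'base'
 module VirustotalAPI
 # A class for '/ip_addresses' API
 class IP < Base
-# rubocop:disable Lint/UselessMethodDefinition
-def initialize(report)
-super(report)
-end
-
 # Find an IP.
 #
 # @param [String] ip address The IP to find.
@@ -21,4 +16,3 @@ module VirustotalAPI
 end
 end
 end
-# rubocop:enable Lint/UselessMethodDefinition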
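--- a/data/lib/virustotal_api/url.rb
+++ b/data/lib/virustotal_api/url.rb
@@ -5,14 +5,6 @@ require_relative 'base'
 module VirustotalAPI
 # A class for '/urls' API
 class URL < Base
-attr_reader :report_url, :id
-
-def initialize(report)
-super(report)
-@report_url = report&.dig('data', 'links', 'self')
-@id = report&.dig('data', 'id')
-end
-
 # Find a URL.
 #
 # @param [String] resource as an ip/domain/url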
@@ -0,0 +1,18 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'base'
|
4
|
+
|
5
|
+
module VirustotalAPI
|
6
|
+
# A class for '/users' API
|
7
|
+
class User < Base
|
8
|
+
# Find a User.
|
9
|
+
#
|
10
|
+
# @param [String] user_key with id or api_key
|
11
|
+
# @param [String] api_key The key for virustotal
|
12
|
+
# @return [VirustotalAPI::User] Report
|
13
|
+
def self.find(user_key, api_key)
|
14
|
+
report = perform("/users/#{user_key}", api_key)
|
15
|
+
new(report)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
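Review bot: The docstring `# @param [String] user_key with id or api_key` invites callers to pass their API key as the path segment of `perform("/users/#{user_key}", api_key)`, which puts the secret into the request URL where it lands in proxy and server access logs and in any recorded VCR cassette, unlike the key sent in the `X-Apikey` header. Whether the endpoint genuinely accepts either form is not verifiable from this hunk; if it does, document the trade-off, e.g. `# @param [String] user_key The user id (the API key also works, but it then appears in the request URL; prefer the id)`. As in the other finders, `user_key` is not URL-encoded before interpolation, so an untrusted value containing `/` or `?` can redirect the request to a different path.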
|
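--- a/data/test/analysis_test.rb
+++ b/data/test/analysis_test.rb
@@ -11,13 +11,16 @@ class VirustotalAPIAnalysisTest < Minitest::Test
 def test_todo
 VCR.use_cassette('url_find') do
 vtreport = VirustotalAPI::URL.find(@url, @api_key)
+
 @id = vtreport.id
-assert @id
+assert @id.is_a?(String)
 end
 
 VCR.use_cassette('analysis') do
 analysis = VirustotalAPI::Analysis.find(@id, @api_key)
+
 assert analysis.exists?
+assert analysis.id.is_a?(String)
 end
 end
 end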
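--- a/data/test/base_test.rb
+++ b/data/test/base_test.rb
@@ -4,6 +4,7 @@ require './test/test_helper'
 
 class VirustotalAPIBaseTest < Minitest::Test
 def setup
+@domain = 'xpressco.za'
 @sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 @api_key = 'testapikey'
 end
@@ -36,4 +37,18 @@ class VirustotalAPIBaseTest < Minitest::Test
 assert virustotal_report.exists?
 end
 end
+
+def test_not_exists?
+VCR.use_cassette('file_not_found') do
+virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+
+assert !virustotal_report.exists?
+end
+
+VCR.use_cassette('domain_bad_request') do
+virustotal_report = VirustotalAPI::Domain.find(@domain, @api_key)
+
+assert !virustotal_report.exists?
+end
+end
 end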
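--- a/data/test/domain_test.rb
+++ b/data/test/domain_test.rb
@@ -17,16 +17,11 @@ class VirustotalAPIDomainTest < Minitest::Test
 vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
 
 # Make sure that the JSON was parsed
+assert vtdomain_report.exists?
 assert vtdomain_report.is_a?(VirustotalAPI::Domain)
 assert vtdomain_report.report.is_a?(Hash)
-
-
-
-def test_exists?
-VCR.use_cassette('domain') do
-vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
-
-assert vtdomain_report.exists?
+assert vtdomain_report.id.is_a?(String)
+assert vtdomain_report.report_url.is_a?(String)
 end
 end
 end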
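--- a/data/test/exceptions_test.rb
+++ b/data/test/exceptions_test.rb
@@ -20,4 +20,12 @@ class RateLimitErrorTest < Minitest::Test
 end
 end
 end
+
+def test_rate_limit
+VCR.use_cassette('file_rate_limit') do
+assert_raises VirustotalAPI::RateLimitError do
+VirustotalAPI::File.analyse(@sha256, @api_key)
+end
+end
+end
 end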
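--- a/data/test/file_test.rb
+++ b/data/test/file_test.rb
@@ -4,9 +4,9 @@ require './test/test_helper'
 
 class VirustotalAPIFileTest < Minitest::Test
 def setup
-@sha256
+@sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 @file_path = File.expand_path('test/fixtures/null_file')
-@api_key
+@api_key = 'testapikey'
 end
 
 def test_class_exists
@@ -15,54 +15,59 @@ class VirustotalAPIFileTest < Minitest::Test
 
 def test_report_response
 VCR.use_cassette('file_find') do
-
+vt_file_report = VirustotalAPI::File.find(@sha256, @api_key)
 
 # Make sure that the JSON was parsed
-assert
-assert
+assert vt_file_report.exists?
+assert vt_file_report.is_a?(VirustotalAPI::File)
+assert vt_file_report.report.is_a?(Hash)
+assert vt_file_report.id.is_a?(String)
+assert vt_file_report.report_url.is_a?(String)
 end
 end
 
 def test_find
-
-
+id = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+permalink = "https://www.virustotal.com/api/v3/files/#{id}"
+
 VCR.use_cassette('file_find') do
-
+vt_file_report = VirustotalAPI::File.find(@sha256, @api_key)
 
-
-assert_equal
+assert_equal permalink, vt_file_report.report_url
+assert_equal id, vt_file_report.id
+assert vt_file_report.detected_by('Avira')
+assert !vt_file_report.detected_by('Acronis')
+assert !vt_file_report.detected_by('Yeyeyeye') # not present in file
 end
 end
 
 def test_upload
 VCR.use_cassette('file_upload') do
-
+vt_file_upload = VirustotalAPI::File.upload(@file_path, @api_key)
 
-assert
+assert vt_file_upload.exists?
+assert vt_file_upload.report.is_a?(Hash)
+assert vt_file_upload.id.is_a?(String)
 end
 end
 
-def
-VCR.use_cassette('
-
+def test_upload_large
+VCR.use_cassette('large_file_upload') do
+vt_file_upload = VirustotalAPI::File.upload_large(@file_path, @api_key)
 
-assert
+assert vt_file_upload.exists?
+assert vt_file_upload.report.is_a?(Hash)
+assert vt_file_upload.id.is_a?(String)
 end
 end
 
 def test_analyse
 VCR.use_cassette('file_analyse') do
-
-
-assert virustotal_analyse.report.is_a?(Hash)
-end
-end
-
-def test_analyse_id
-VCR.use_cassette('file_analyse') do
-virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
+vt_file_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
 
-assert
+assert vt_file_analyse.exists?
+assert vt_file_analyse.report.is_a?(Hash)
+assert vt_file_analyse.id.is_a?(String)
 end
 end
 end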
@@ -0,0 +1,52 @@
|
|
1
|
+
---
|
2
|
+
http_interactions:
|
3
|
+
- request:
|
4
|
+
method: get
|
5
|
+
uri: https://www.virustotal.com/api/v3/domains/xpressco.za
|
6
|
+
body:
|
7
|
+
encoding: US-ASCII
|
8
|
+
string: ''
|
9
|
+
headers:
|
10
|
+
Accept:
|
11
|
+
- "*/*"
|
12
|
+
User-Agent:
|
13
|
+
- rest-client/2.1.0 (linux-gnu x86_64) ruby/2.5.1p57
|
14
|
+
X-Apikey:
|
15
|
+
- testapikey
|
16
|
+
Content-Length:
|
17
|
+
- '0'
|
18
|
+
Content-Type:
|
19
|
+
- application/x-www-form-urlencoded
|
20
|
+
Accept-Encoding:
|
21
|
+
- gzip;q=1.0,deflate;q=0.6,identity;q=0.3
|
22
|
+
Host:
|
23
|
+
- www.virustotal.com
|
24
|
+
response:
|
25
|
+
status:
|
26
|
+
code: 400
|
27
|
+
message: Bad Request
|
28
|
+
headers:
|
29
|
+
Cache-Control:
|
30
|
+
- no-cache
|
31
|
+
Content-Type:
|
32
|
+
- application/json; charset=utf-8
|
33
|
+
X-Cloud-Trace-Context:
|
34
|
+
- f9f5f005efc95b0390a91fb6306201d6
|
35
|
+
Date:
|
36
|
+
- Mon, 28 Dec 2020 13:56:50 GMT
|
37
|
+
Server:
|
38
|
+
- Google Frontend
|
39
|
+
Content-Length:
|
40
|
+
- '138'
|
41
|
+
body:
|
42
|
+
encoding: UTF-8
|
43
|
+
string: |-
|
44
|
+
{
|
45
|
+
"error": {
|
46
|
+
"code": "InvalidArgumentError",
|
47
|
+
"message": "Domain \"xpressco.za\" is not a valid domain pattern"
|
48
|
+
}
|
49
|
+
}
|
50
|
+
http_version:
|
51
|
+
recorded_at: Mon, 28 Dec 2020 13:56:50 GMT
|
52
|
+
recorded_with: VCR 5.0.0
|
data/test/fixtures/file_find.yml
CHANGED
@@ -31,529 +31,166 @@ http_interactions:
|
|
31
31
|
Content-Type:
|
32
32
|
- application/json; charset=utf-8
|
33
33
|
X-Cloud-Trace-Context:
|
34
|
-
-
|
34
|
+
- 3dcde25d6fa7896edd5d4044bbc2682f
|
35
35
|
Date:
|
36
|
-
-
|
36
|
+
- Tue, 29 Sep 2020 10:22:19 GMT
|
37
37
|
Server:
|
38
38
|
- Google Frontend
|
39
39
|
Content-Length:
|
40
|
-
- '
|
40
|
+
- '33479'
|
41
41
|
body:
|
42
42
|
encoding: UTF-8
|
43
43
|
string: |-
|
44
44
|
{
|
45
45
|
"data": {
|
46
46
|
"attributes": {
|
47
|
-
"
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
"entry": "launchd.conf",
|
54
|
-
"location": "Startup Scripts"
|
55
|
-
},
|
56
|
-
{
|
57
|
-
"entry": " ",
|
58
|
-
"location": " "
|
59
|
-
},
|
60
|
-
{
|
61
|
-
"entry": "Trend Micro Toolbar",
|
62
|
-
"location": "Google Chrome Add-ons"
|
63
|
-
},
|
64
|
-
{
|
65
|
-
"entry": "mhuntagent",
|
66
|
-
"location": "Launch_Daemons"
|
67
|
-
},
|
68
|
-
{
|
69
|
-
"entry": "Tampermonkey",
|
70
|
-
"location": "Google Chrome Add-ons"
|
71
|
-
},
|
72
|
-
{
|
73
|
-
"entry": "LastPass: Free Password Manager",
|
74
|
-
"location": "Google Chrome Add-ons"
|
75
|
-
},
|
76
|
-
{
|
77
|
-
"entry": "Ace Script",
|
78
|
-
"location": "Google Chrome Add-ons"
|
79
|
-
},
|
80
|
-
{
|
81
|
-
"entry": "Webroot Password Manager",
|
82
|
-
"location": "Google Chrome Add-ons"
|
83
|
-
},
|
84
|
-
{
|
85
|
-
"entry": "1Password extension (desktop app required)",
|
86
|
-
"location": "Google Chrome Add-ons"
|
87
|
-
},
|
88
|
-
{
|
89
|
-
"entry": "QuickMark QR Code Extension",
|
90
|
-
"location": "Google Chrome Add-ons"
|
91
|
-
},
|
92
|
-
{
|
93
|
-
"entry": "ZoneAlarm Anti-Phishing",
|
94
|
-
"location": "Google Chrome Add-ons"
|
95
|
-
},
|
96
|
-
{
|
97
|
-
"entry": "Webroot Password Manager",
|
98
|
-
"location": "Mozilla Firefox Add-ons"
|
99
|
-
},
|
100
|
-
{
|
101
|
-
"entry": "Tampermonkey",
|
102
|
-
"location": "Chromium Add-ons"
|
103
|
-
},
|
104
|
-
{
|
105
|
-
"entry": "Solid Savings",
|
106
|
-
"location": "Mozilla Firefox Add-ons"
|
107
|
-
},
|
108
|
-
{
|
109
|
-
"entry": "Astrmenda Search",
|
110
|
-
"location": "Mozilla Firefox Add-ons"
|
111
|
-
},
|
112
|
-
{
|
113
|
-
"entry": "",
|
114
|
-
"location": "C:\\Windows\\Explorer.exe"
|
115
|
-
},
|
116
|
-
{
|
117
|
-
"entry": "LyricsSay-1",
|
118
|
-
"location": "Google Chrome Add-ons"
|
119
|
-
},
|
120
|
-
{
|
121
|
-
"entry": "Advanced HTML for Gmail/Outlook/Office365",
|
122
|
-
"location": "Google Chrome Add-ons"
|
123
|
-
},
|
124
|
-
{
|
125
|
-
"entry": "Vosteran Search",
|
126
|
-
"location": "Mozilla Firefox Add-ons"
|
127
|
-
},
|
128
|
-
{
|
129
|
-
"entry": "CinemaP-1.9cV20.10",
|
130
|
-
"location": "Google Chrome Add-ons"
|
131
|
-
},
|
132
|
-
{
|
133
|
-
"entry": "Supreme Savings",
|
134
|
-
"location": "Mozilla Firefox Add-ons"
|
135
|
-
},
|
136
|
-
{
|
137
|
-
"entry": "AOL Toolbar",
|
138
|
-
"location": "Mozilla Firefox Add-ons"
|
139
|
-
},
|
140
|
-
{
|
141
|
-
"entry": "rc.server",
|
142
|
-
"location": "Startup Scripts"
|
143
|
-
},
|
144
|
-
{
|
145
|
-
"entry": "Browser Backgrounds",
|
146
|
-
"location": "Mozilla Firefox Add-ons"
|
147
|
-
},
|
148
|
-
{
|
149
|
-
"entry": "LastPass",
|
150
|
-
"location": "Google Chrome Add-ons"
|
151
|
-
},
|
152
|
-
{
|
153
|
-
"entry": "Motorola Connect",
|
154
|
-
"location": "Google Chrome Add-ons"
|
155
|
-
},
|
156
|
-
{
|
157
|
-
"entry": "Tampermonkey BETA",
|
158
|
-
"location": "Google Chrome Add-ons"
|
159
|
-
},
|
160
|
-
{
|
161
|
-
"entry": "Check Point SandBlast Agent for Browsers",
|
162
|
-
"location": "Google Chrome Add-ons"
|
163
|
-
},
|
164
|
-
{
|
165
|
-
"entry": "Trend Micro Toolbar",
|
166
|
-
"location": "Chromium Add-ons"
|
167
|
-
},
|
168
|
-
{
|
169
|
-
"entry": "LastPass",
|
170
|
-
"location": "Mozilla Firefox Add-ons"
|
171
|
-
},
|
172
|
-
{
|
173
|
-
"entry": "Nano Adblocker",
|
174
|
-
"location": "Google Chrome Add-ons"
|
175
|
-
},
|
176
|
-
{
|
177
|
-
"entry": "",
|
178
|
-
"location": "undefined"
|
179
|
-
},
|
180
|
-
{
|
181
|
-
"entry": "923565845ab590c7d7fa8b6547b93748887497ab",
|
182
|
-
"location": "Login Items"
|
183
|
-
},
|
184
|
-
{
|
185
|
-
"entry": "Shutterfly Exporter",
|
186
|
-
"location": "Google Chrome Add-ons"
|
187
|
-
},
|
188
|
-
{
|
189
|
-
"entry": "Ripple Wallet",
|
190
|
-
"location": "Google Chrome Add-ons"
|
191
|
-
},
|
192
|
-
{
|
193
|
-
"entry": "CinemaHd For Pro 2.4cV10.01",
|
194
|
-
"location": "Opera Add-ons"
|
195
|
-
},
|
196
|
-
{
|
197
|
-
"entry": "Tamil FM and Online Radios",
|
198
|
-
"location": "Google Chrome Add-ons"
|
199
|
-
},
|
200
|
-
{
|
201
|
-
"entry": "M-Lab Measure",
|
202
|
-
"location": "Google Chrome Add-ons"
|
203
|
-
},
|
204
|
-
{
|
205
|
-
"entry": "LastPass",
|
206
|
-
"location": "Chromium Add-ons"
|
207
|
-
},
|
208
|
-
{
|
209
|
-
"entry": "Tampermonkey",
|
210
|
-
"location": "Opera Add-ons"
|
211
|
-
},
|
212
|
-
{
|
213
|
-
"entry": "Foxtrick",
|
214
|
-
"location": "Google Chrome Add-ons"
|
215
|
-
},
|
216
|
-
{
|
217
|
-
"entry": "Weather Now",
|
218
|
-
"location": "Google Chrome Add-ons"
|
219
|
-
},
|
220
|
-
{
|
221
|
-
"entry": "Ace Stream Web Extension",
|
222
|
-
"location": "Google Chrome Add-ons"
|
223
|
-
},
|
224
|
-
{
|
225
|
-
"entry": "CRM for Gmail",
|
226
|
-
"location": "Google Chrome Add-ons"
|
227
|
-
},
|
228
|
-
{
|
229
|
-
"entry": "Daily Horoscope",
|
230
|
-
"location": "Google Chrome Add-ons"
|
231
|
-
},
|
232
|
-
{
|
233
|
-
"entry": "HD-Quality-3.1V15.12",
|
234
|
-
"location": "Google Chrome Add-ons"
|
235
|
-
},
|
236
|
-
{
|
237
|
-
"entry": "Kaspersky Password Manager",
|
238
|
-
"location": "Mozilla Firefox Add-ons"
|
239
|
-
},
|
240
|
-
{
|
241
|
-
"entry": "Easy Deals",
|
242
|
-
"location": "Google Chrome Add-ons"
|
243
|
-
},
|
244
|
-
{
|
245
|
-
"entry": "Webroot",
|
246
|
-
"location": "Google Chrome Add-ons"
|
247
|
-
},
|
248
|
-
{
|
249
|
-
"entry": "Freeven pro",
|
250
|
-
"location": "Google Chrome Add-ons"
|
251
|
-
},
|
252
|
-
{
|
253
|
-
"entry": "Plus-HD-V1.6",
|
254
|
-
"location": "Google Chrome Add-ons"
|
255
|
-
},
|
256
|
-
{
|
257
|
-
"entry": "MyBrowser 1.0.2V24.08",
|
258
|
-
"location": "Google Chrome Add-ons"
|
259
|
-
},
|
260
|
-
{
|
261
|
-
"entry": "Webroot Password Manager",
|
262
|
-
"location": "Chromium Add-ons"
|
263
|
-
},
|
264
|
-
{
|
265
|
-
"entry": "Adblock Super",
|
266
|
-
"location": "Google Chrome Add-ons"
|
267
|
-
},
|
268
|
-
{
|
269
|
-
"entry": "SuperLyrics-1",
|
270
|
-
"location": "Google Chrome Add-ons"
|
271
|
-
},
|
272
|
-
{
|
273
|
-
"entry": "SavingsApp",
|
274
|
-
"location": "Mozilla Firefox Add-ons"
|
275
|
-
},
|
276
|
-
{
|
277
|
-
"entry": "Savings Sidekick",
|
278
|
-
"location": "Mozilla Firefox Add-ons"
|
279
|
-
},
|
280
|
-
{
|
281
|
-
"entry": "Ask Toolbar for Firefox",
|
282
|
-
"location": "Mozilla Firefox Add-ons"
|
283
|
-
},
|
284
|
-
{
|
285
|
-
"entry": "HD-Quality-3.1V11.12",
|
286
|
-
"location": "Google Chrome Add-ons"
|
287
|
-
},
|
288
|
-
{
|
289
|
-
"entry": "MyBrowser 1.0.2V16.09",
|
290
|
-
"location": "Google Chrome Add-ons"
|
291
|
-
},
|
292
|
-
{
|
293
|
-
"entry": "Astromenda Search Addon",
|
294
|
-
"location": "Mozilla Firefox Add-ons"
|
295
|
-
},
|
296
|
-
{
|
297
|
-
"entry": "StravistiX for Strava",
|
298
|
-
"location": "Google Chrome Add-ons"
|
299
|
-
},
|
300
|
-
{
|
301
|
-
"entry": "CinPlus-2.4cV24.12",
|
302
|
-
"location": "Google Chrome Add-ons"
|
303
|
-
},
|
304
|
-
{
|
305
|
-
"entry": "Ace Stream Web Extension",
|
306
|
-
"location": "Chromium Add-ons"
|
307
|
-
},
|
308
|
-
{
|
309
|
-
"entry": "CyberLink YouCam WebLogin",
|
310
|
-
"location": "Mozilla Firefox Add-ons"
|
311
|
-
},
|
312
|
-
{
|
313
|
-
"entry": "HQ-Video-Pro-2.1cV30.11",
|
314
|
-
"location": "Google Chrome Add-ons"
|
315
|
-
},
|
316
|
-
{
|
317
|
-
"entry": "Save to Pocket",
|
318
|
-
"location": "Google Chrome Add-ons"
|
319
|
-
},
|
320
|
-
{
|
321
|
-
"entry": "Cinema Plus v6V23.07",
|
322
|
-
"location": "Google Chrome Add-ons"
|
323
|
-
},
|
324
|
-
{
|
325
|
-
"entry": "PlusHD Cinema 2.1cV03.03",
|
326
|
-
"location": "Google Chrome Add-ons"
|
327
|
-
},
|
328
|
-
{
|
329
|
-
"entry": "Plus-HD-9.5",
|
330
|
-
"location": "Google Chrome Add-ons"
|
331
|
-
},
|
332
|
-
{
|
333
|
-
"entry": "",
|
334
|
-
"location": "HKLM/System/CurrentControlSet/Services/"
|
335
|
-
},
|
336
|
-
{
|
337
|
-
"entry": "Adblock",
|
338
|
-
"location": "Mozilla Firefox Add-ons"
|
339
|
-
},
|
340
|
-
{
|
341
|
-
"entry": "TubeSaver-16",
|
342
|
-
"location": "Mozilla Firefox Add-ons"
|
343
|
-
},
|
344
|
-
{
|
345
|
-
"entry": "FoxTrick",
|
346
|
-
"location": "Google Chrome Add-ons"
|
347
|
-
},
|
348
|
-
{
|
349
|
-
"entry": "HDQ-1.2cV26.12",
|
350
|
-
"location": "Opera Add-ons"
|
351
|
-
},
|
352
|
-
{
|
353
|
-
"entry": "CinePlus-1.44V09.11",
|
354
|
-
"location": "Google Chrome Add-ons"
|
355
|
-
},
|
356
|
-
{
|
357
|
-
"entry": "Shopping Sidekick",
|
358
|
-
"location": "Mozilla Firefox Add-ons"
|
359
|
-
},
|
360
|
-
{
|
361
|
-
"entry": "Feven 1.5",
|
362
|
-
"location": "Google Chrome Add-ons"
|
363
|
-
},
|
364
|
-
{
|
365
|
-
"entry": "CinemaP-1.9cV31.07",
|
366
|
-
"location": "Google Chrome Add-ons"
|
367
|
-
},
|
368
|
-
{
|
369
|
-
"entry": "CinemaPlus-4.5vV30.07",
|
370
|
-
"location": "Google Chrome Add-ons"
|
371
|
-
},
|
372
|
-
{
|
373
|
-
"entry": "Cinema_Plus_3.1rV28.10",
|
374
|
-
"location": "Google Chrome Add-ons"
|
375
|
-
},
|
376
|
-
{
|
377
|
-
"entry": "Coupon Companion Plugin",
|
378
|
-
"location": "Mozilla Firefox Add-ons"
|
379
|
-
},
|
380
|
-
{
|
381
|
-
"entry": "Plus-HD-2.6",
|
382
|
-
"location": "Mozilla Firefox Add-ons"
|
383
|
-
},
|
384
|
-
{
|
385
|
-
"entry": "CinemaP-1.9cV07.11",
|
386
|
-
"location": "Mozilla Firefox Add-ons"
|
387
|
-
},
|
388
|
-
{
|
389
|
-
"entry": "Plus-HD-9.3",
|
390
|
-
"location": "Google Chrome Add-ons"
|
391
|
-
},
|
392
|
-
{
|
393
|
-
"entry": "Cinema-Plus-1.2",
|
394
|
-
"location": "Google Chrome Add-ons"
|
395
|
-
},
|
396
|
-
{
|
397
|
-
"entry": "CinemaP-1.3c",
|
398
|
-
"location": "Google Chrome Add-ons"
|
399
|
-
},
|
400
|
-
{
|
401
|
-
"entry": "Firefox OS 1.3 Simulator",
|
402
|
-
"location": "Mozilla Firefox Add-ons"
|
403
|
-
},
|
404
|
-
{
|
405
|
-
"entry": "Cinema PlusV17.09",
|
406
|
-
"location": "Mozilla Firefox Add-ons"
|
407
|
-
},
|
408
|
-
{
|
409
|
-
"entry": "LyricsFan-2",
|
410
|
-
"location": "Google Chrome Add-ons"
|
411
|
-
},
|
412
|
-
{
|
413
|
-
"entry": "CinePlus-1.44V30.08",
|
414
|
-
"location": "Google Chrome Add-ons"
|
415
|
-
},
|
416
|
-
{
|
417
|
-
"entry": "CinemaPlus_1.3dV13.05",
|
418
|
-
"location": "Opera Add-ons"
|
419
|
-
},
|
420
|
-
{
|
421
|
-
"entry": "Plus-HD-V1.6c",
|
422
|
-
"location": "Mozilla Firefox Add-ons"
|
423
|
-
},
|
424
|
-
{
|
425
|
-
"entry": "HDtubeV1.6V31.10",
|
426
|
-
"location": "Google Chrome Add-ons"
|
427
|
-
},
|
428
|
-
{
|
429
|
-
"entry": "Cinema PlusV26.03",
|
430
|
-
"location": "Opera Add-ons"
|
431
|
-
},
|
432
|
-
{
|
433
|
-
"entry": "HQ Video Pro 2.1cV16.06",
|
434
|
-
"location": "Google Chrome Add-ons"
|
435
|
-
},
|
436
|
-
{
|
437
|
-
"entry": "Plus-HD-9.6",
|
438
|
-
"location": "Mozilla Firefox Add-ons"
|
439
|
-
}
|
440
|
-
],
|
47
|
+
"authentihash": "59f506734a1bedf95e871bc95eb38dae2aede7b48986e2108021c584bb53c685",
|
48
|
+
"creation_date": 1330865387,
|
49
|
+
"dot_net_guids": {
|
50
|
+
"mvid": "5beaa6c7-a8b7-46a2-a2cd-5d878c3b22e6",
|
51
|
+
"typelib_id": "728093e4-7457-46be-8e8e-0fdee382cfff"
|
52
|
+
},
|
441
53
|
"downloadable": true,
|
442
54
|
"exiftool": {
|
443
|
-
"
|
444
|
-
"
|
445
|
-
"
|
446
|
-
"
|
447
|
-
"
|
448
|
-
"
|
449
|
-
"
|
55
|
+
"AssemblyVersion": "1.3.0.0",
|
56
|
+
"CharacterSet": "Unicode",
|
57
|
+
"CodeSize": "15360",
|
58
|
+
"EntryPoint": "0x5bde",
|
59
|
+
"FileFlagsMask": "0x003f",
|
60
|
+
"FileOS": "Win32",
|
61
|
+
"FileSubtype": "0",
|
62
|
+
"FileType": "Win32 EXE",
|
63
|
+
"FileTypeExtension": "exe",
|
64
|
+
"FileVersion": "1.3.0.0",
|
65
|
+
"FileVersionNumber": "1.3.0.0",
|
66
|
+
"ImageFileCharacteristics": "Executable, 32-bit",
|
67
|
+
"ImageVersion": "0.0",
|
68
|
+
"InitializedDataSize": "5120",
|
69
|
+
"InternalName": "WindowsApplication1.exe",
|
70
|
+
"LanguageCode": "Neutral",
|
71
|
+
"LegalCopyright": "WindowsApplication1",
|
72
|
+
"LegalTrademarks": "WindowsApplication1",
|
73
|
+
"LinkerVersion": "8.0",
|
74
|
+
"MIMEType": "application/octet-stream",
|
75
|
+
"MachineType": "Intel 386 or later, and compatibles",
|
76
|
+
"OSVersion": "4.0",
|
77
|
+
"ObjectFileType": "Executable application",
|
78
|
+
"OriginalFileName": "WindowsApplication1.exe",
|
79
|
+
"PEType": "PE32",
|
80
|
+
"ProductVersion": "1.3.0.0",
|
81
|
+
"ProductVersionNumber": "1.3.0.0",
|
82
|
+
"Subsystem": "Windows GUI",
|
83
|
+
"SubsystemVersion": "4.0",
|
84
|
+
"TimeStamp": "2012:03:04 13:49:47+01:00",
|
85
|
+
"UninitializedDataSize": "0"
|
450
86
|
},
|
451
|
-
"
|
452
|
-
"
|
87
|
+
"first_seen_itw_date": 1309516636,
|
88
|
+
"first_submission_date": 1331065880,
|
89
|
+
"last_analysis_date": 1571882366,
|
453
90
|
"last_analysis_results": {
|
454
91
|
"ALYac": {
|
455
|
-
"category": "
|
92
|
+
"category": "malicious",
|
456
93
|
"engine_name": "ALYac",
|
457
|
-
"engine_update": "
|
94
|
+
"engine_update": "20191024",
|
458
95
|
"engine_version": "1.1.1.5",
|
459
96
|
"method": "blacklist",
|
460
|
-
"result":
|
97
|
+
"result": "Gen:Variant.Razy.448897"
|
461
98
|
},
|
462
99
|
"APEX": {
|
463
|
-
"category": "
|
100
|
+
"category": "malicious",
|
464
101
|
"engine_name": "APEX",
|
465
|
-
"engine_update": "
|
466
|
-
"engine_version": "
|
102
|
+
"engine_update": "20191022",
|
103
|
+
"engine_version": "5.76",
|
467
104
|
"method": "blacklist",
|
468
|
-
"result":
|
105
|
+
"result": "Malicious"
|
469
106
|
},
|
470
107
|
"AVG": {
|
471
|
-
"category": "
|
108
|
+
"category": "malicious",
|
472
109
|
"engine_name": "AVG",
|
473
|
-
"engine_update": "
|
110
|
+
"engine_update": "20191024",
|
474
111
|
"engine_version": "18.4.3895.0",
|
475
112
|
"method": "blacklist",
|
476
|
-
"result":
|
113
|
+
"result": "MSIL:GenMalicious-BHV [Trj]"
|
477
114
|
},
|
478
115
|
"Acronis": {
|
479
|
-
"category": "
|
116
|
+
"category": "undetected",
|
480
117
|
"engine_name": "Acronis",
|
481
|
-
"engine_update": "
|
482
|
-
"engine_version": "1.1.1.
|
118
|
+
"engine_update": "20191018",
|
119
|
+
"engine_version": "1.1.1.58",
|
483
120
|
"method": "blacklist",
|
484
121
|
"result": null
|
485
122
|
},
|
486
123
|
"Ad-Aware": {
|
487
|
-
"category": "
|
124
|
+
"category": "malicious",
|
488
125
|
"engine_name": "Ad-Aware",
|
489
|
-
"engine_update": "
|
490
|
-
"engine_version": "3.0.
|
126
|
+
"engine_update": "20191024",
|
127
|
+
"engine_version": "3.0.5.370",
|
491
128
|
"method": "blacklist",
|
492
|
-
"result":
|
129
|
+
"result": "Gen:Variant.Razy.448897"
|
493
130
|
},
|
494
131
|
"AegisLab": {
|
495
|
-
"category": "
|
132
|
+
"category": "malicious",
|
496
133
|
"engine_name": "AegisLab",
|
497
|
-
"engine_update": "
|
134
|
+
"engine_update": "20191024",
|
498
135
|
"engine_version": "4.2",
|
499
136
|
"method": "blacklist",
|
500
|
-
"result":
|
137
|
+
"result": "Adware.MSIL.Generic.lxai"
|
501
138
|
},
|
502
139
|
"AhnLab-V3": {
|
503
|
-
"category": "
|
140
|
+
"category": "malicious",
|
504
141
|
"engine_name": "AhnLab-V3",
|
505
|
-
"engine_update": "
|
506
|
-
"engine_version": "3.
|
142
|
+
"engine_update": "20191024",
|
143
|
+
"engine_version": "3.16.3.25410",
|
507
144
|
"method": "blacklist",
|
508
|
-
"result":
|
145
|
+
"result": "Win-Trojan/MSILKrypt09.Exp"
|
509
146
|
},
|
510
147
|
"Alibaba": {
|
511
|
-
"category": "
|
148
|
+
"category": "malicious",
|
512
149
|
"engine_name": "Alibaba",
|
513
150
|
"engine_update": "20190527",
|
514
151
|
"engine_version": "0.3.0.5",
|
515
152
|
"method": "blacklist",
|
516
|
-
"result":
|
153
|
+
"result": "Backdoor:Win32/Fynloski.ddc60b83"
|
517
154
|
},
|
518
155
|
"Antiy-AVL": {
|
519
|
-
"category": "
|
156
|
+
"category": "malicious",
|
520
157
|
"engine_name": "Antiy-AVL",
|
521
|
-
"engine_update": "
|
158
|
+
"engine_update": "20191024",
|
522
159
|
"engine_version": "3.0.0.1",
|
523
160
|
"method": "blacklist",
|
524
|
-
"result":
|
161
|
+
"result": "Trojan/Win32.Inject"
|
525
162
|
},
|
526
163
|
"Arcabit": {
|
527
|
-
"category": "
|
164
|
+
"category": "malicious",
|
528
165
|
"engine_name": "Arcabit",
|
529
|
-
"engine_update": "
|
530
|
-
"engine_version": "1.0.0.
|
166
|
+
"engine_update": "20191024",
|
167
|
+
"engine_version": "1.0.0.861",
|
531
168
|
"method": "blacklist",
|
532
|
-
"result":
|
169
|
+
"result": "Trojan.Razy.D6D981"
|
533
170
|
},
|
534
171
|
"Avast": {
|
535
|
-
"category": "
|
172
|
+
"category": "malicious",
|
536
173
|
"engine_name": "Avast",
|
537
|
-
"engine_update": "
|
174
|
+
"engine_update": "20191024",
|
538
175
|
"engine_version": "18.4.3895.0",
|
539
176
|
"method": "blacklist",
|
540
|
-
"result":
|
177
|
+
"result": "MSIL:GenMalicious-BHV [Trj]"
|
541
178
|
},
|
542
179
|
"Avast-Mobile": {
|
543
|
-
"category": "
|
180
|
+
"category": "undetected",
|
544
181
|
"engine_name": "Avast-Mobile",
|
545
|
-
"engine_update": "
|
546
|
-
"engine_version": "
|
182
|
+
"engine_update": "20191012",
|
183
|
+
"engine_version": "191012-04",
|
547
184
|
"method": "blacklist",
|
548
185
|
"result": null
|
549
186
|
},
|
550
187
|
"Avira": {
|
551
|
-
"category": "
|
188
|
+
"category": "malicious",
|
552
189
|
"engine_name": "Avira",
|
553
|
-
"engine_update": "
|
190
|
+
"engine_update": "20191023",
|
554
191
|
"engine_version": "8.3.3.8",
|
555
192
|
"method": "blacklist",
|
556
|
-
"result":
|
193
|
+
"result": "TR/Dropper.Gen"
|
557
194
|
},
|
558
195
|
"Baidu": {
|
559
196
|
"category": "undetected",
|
@@ -564,353 +201,345 @@ http_interactions:
|
|
564
201
|
"result": null
|
565
202
|
},
|
566
203
|
"BitDefender": {
|
567
|
-
"category": "
|
204
|
+
"category": "malicious",
|
568
205
|
"engine_name": "BitDefender",
|
569
|
-
"engine_update": "
|
206
|
+
"engine_update": "20191024",
|
570
207
|
"engine_version": "7.2",
|
571
208
|
"method": "blacklist",
|
572
|
-
"result":
|
573
|
-
},
|
574
|
-
"BitDefenderTheta": {
|
575
|
-
"category": "undetected",
|
576
|
-
"engine_name": "BitDefenderTheta",
|
577
|
-
"engine_update": "20200902",
|
578
|
-
"engine_version": "7.2.37796.0",
|
579
|
-
"method": "blacklist",
|
580
|
-
"result": null
|
209
|
+
"result": "Gen:Variant.Razy.448897"
|
581
210
|
},
|
582
211
|
"Bkav": {
|
583
212
|
"category": "undetected",
|
584
213
|
"engine_name": "Bkav",
|
585
|
-
"engine_update": "
|
586
|
-
"engine_version": "1.3.0.
|
214
|
+
"engine_update": "20191023",
|
215
|
+
"engine_version": "1.3.0.10239",
|
587
216
|
"method": "blacklist",
|
588
217
|
"result": null
|
589
218
|
},
|
590
219
|
"CAT-QuickHeal": {
|
591
|
-
"category": "
|
220
|
+
"category": "malicious",
|
592
221
|
"engine_name": "CAT-QuickHeal",
|
593
|
-
"engine_update": "
|
222
|
+
"engine_update": "20191022",
|
594
223
|
"engine_version": "14.00",
|
595
224
|
"method": "blacklist",
|
596
|
-
"result":
|
225
|
+
"result": "Trojan.GenericFC.S6053517"
|
597
226
|
},
|
598
227
|
"CMC": {
|
599
|
-
"category": "
|
228
|
+
"category": "malicious",
|
600
229
|
"engine_name": "CMC",
|
601
|
-
"engine_update": "
|
602
|
-
"engine_version": "
|
230
|
+
"engine_update": "20190321",
|
231
|
+
"engine_version": "1.1.0.977",
|
603
232
|
"method": "blacklist",
|
604
|
-
"result":
|
233
|
+
"result": "Trojan.MSIL.Agent!O"
|
605
234
|
},
|
606
235
|
"ClamAV": {
|
607
|
-
"category": "
|
236
|
+
"category": "malicious",
|
608
237
|
"engine_name": "ClamAV",
|
609
|
-
"engine_update": "
|
610
|
-
"engine_version": "0.102.
|
238
|
+
"engine_update": "20191023",
|
239
|
+
"engine_version": "0.102.0.0",
|
611
240
|
"method": "blacklist",
|
612
|
-
"result":
|
241
|
+
"result": "Win.Trojan.Agent-1389032"
|
613
242
|
},
|
614
243
|
"Comodo": {
|
615
|
-
"category": "
|
244
|
+
"category": "malicious",
|
616
245
|
"engine_name": "Comodo",
|
617
|
-
"engine_update": "
|
618
|
-
"engine_version": "
|
246
|
+
"engine_update": "20191024",
|
247
|
+
"engine_version": "31639",
|
619
248
|
"method": "blacklist",
|
620
|
-
"result":
|
249
|
+
"result": "TrojWare.MSIL.TrojanDropper.Agent.VX@4na2u0"
|
621
250
|
},
|
622
251
|
"CrowdStrike": {
|
623
|
-
"category": "
|
252
|
+
"category": "malicious",
|
624
253
|
"engine_name": "CrowdStrike",
|
625
254
|
"engine_update": "20190702",
|
626
255
|
"engine_version": "1.0",
|
627
256
|
"method": "blacklist",
|
628
|
-
"result":
|
257
|
+
"result": "win/malicious_confidence_100% (D)"
|
629
258
|
},
|
630
259
|
"Cybereason": {
|
631
|
-
"category": "
|
260
|
+
"category": "malicious",
|
632
261
|
"engine_name": "Cybereason",
|
633
262
|
"engine_update": "20190616",
|
634
263
|
"engine_version": "1.2.449",
|
635
264
|
"method": "blacklist",
|
636
|
-
"result":
|
265
|
+
"result": "malicious.f5a002"
|
637
266
|
},
|
638
267
|
"Cylance": {
|
639
|
-
"category": "
|
268
|
+
"category": "malicious",
|
640
269
|
"engine_name": "Cylance",
|
641
|
-
"engine_update": "
|
270
|
+
"engine_update": "20191024",
|
642
271
|
"engine_version": "2.3.1.101",
|
643
272
|
"method": "blacklist",
|
644
|
-
"result":
|
645
|
-
},
|
646
|
-
"Cynet": {
|
647
|
-
"category": "undetected",
|
648
|
-
"engine_name": "Cynet",
|
649
|
-
"engine_update": "20200902",
|
650
|
-
"engine_version": "4.0.0.24",
|
651
|
-
"method": "blacklist",
|
652
|
-
"result": null
|
273
|
+
"result": "Unsafe"
|
653
274
|
},
|
654
275
|
"Cyren": {
|
655
|
-
"category": "
|
276
|
+
"category": "malicious",
|
656
277
|
"engine_name": "Cyren",
|
657
|
-
"engine_update": "
|
658
|
-
"engine_version": "6.
|
278
|
+
"engine_update": "20191024",
|
279
|
+
"engine_version": "6.2.2.2",
|
659
280
|
"method": "blacklist",
|
660
|
-
"result":
|
281
|
+
"result": "W32/A-7f374f2a!Eldorado"
|
661
282
|
},
|
662
283
|
"DrWeb": {
|
663
|
-
"category": "
|
284
|
+
"category": "malicious",
|
664
285
|
"engine_name": "DrWeb",
|
665
|
-
"engine_update": "
|
666
|
-
"engine_version": "7.0.
|
286
|
+
"engine_update": "20191024",
|
287
|
+
"engine_version": "7.0.41.7240",
|
667
288
|
"method": "blacklist",
|
668
|
-
"result":
|
289
|
+
"result": "Win32.HLLW.Autoruner.25074"
|
669
290
|
},
|
670
291
|
"ESET-NOD32": {
|
671
|
-
"category": "
|
292
|
+
"category": "malicious",
|
672
293
|
"engine_name": "ESET-NOD32",
|
673
|
-
"engine_update": "
|
674
|
-
"engine_version": "
|
294
|
+
"engine_update": "20191024",
|
295
|
+
"engine_version": "20231",
|
675
296
|
"method": "blacklist",
|
676
|
-
"result":
|
677
|
-
},
|
678
|
-
"Elastic": {
|
679
|
-
"category": "type-unsupported",
|
680
|
-
"engine_name": "Elastic",
|
681
|
-
"engine_update": "20200831",
|
682
|
-
"engine_version": "4.0.8",
|
683
|
-
"method": "blacklist",
|
684
|
-
"result": null
|
297
|
+
"result": "a variant of MSIL/Injector.VX"
|
685
298
|
},
|
686
299
|
"Emsisoft": {
|
687
|
-
"category": "
|
300
|
+
"category": "malicious",
|
688
301
|
"engine_name": "Emsisoft",
|
689
|
-
"engine_update": "
|
302
|
+
"engine_update": "20191024",
|
690
303
|
"engine_version": "2018.12.0.1641",
|
691
304
|
"method": "blacklist",
|
692
|
-
"result":
|
305
|
+
"result": "Gen:Variant.Razy.448897 (B)"
|
306
|
+
},
|
307
|
+
"Endgame": {
|
308
|
+
"category": "malicious",
|
309
|
+
"engine_name": "Endgame",
|
310
|
+
"engine_update": "20190918",
|
311
|
+
"engine_version": "3.0.15",
|
312
|
+
"method": "blacklist",
|
313
|
+
"result": "malicious (high confidence)"
|
314
|
+
},
|
315
|
+
"F-Prot": {
|
316
|
+
"category": "malicious",
|
317
|
+
"engine_name": "F-Prot",
|
318
|
+
"engine_update": "20191024",
|
319
|
+
"engine_version": "4.7.1.166",
|
320
|
+
"method": "blacklist",
|
321
|
+
"result": "W32/A-7f374f2a!Eldorado"
|
693
322
|
},
|
694
323
|
"F-Secure": {
|
695
|
-
"category": "
|
324
|
+
"category": "malicious",
|
696
325
|
"engine_name": "F-Secure",
|
697
|
-
"engine_update": "
|
326
|
+
"engine_update": "20191024",
|
698
327
|
"engine_version": "12.0.86.52",
|
699
328
|
"method": "blacklist",
|
700
|
-
"result":
|
329
|
+
"result": "Trojan.TR/Dropper.Gen"
|
701
330
|
},
|
702
331
|
"FireEye": {
|
703
|
-
"category": "
|
332
|
+
"category": "malicious",
|
704
333
|
"engine_name": "FireEye",
|
705
|
-
"engine_update": "
|
706
|
-
"engine_version": "
|
334
|
+
"engine_update": "20191024",
|
335
|
+
"engine_version": "29.7.0.0",
|
707
336
|
"method": "blacklist",
|
708
|
-
"result":
|
337
|
+
"result": "Generic.mg.e2a1373f5a0024b8"
|
709
338
|
},
|
710
339
|
"Fortinet": {
|
711
|
-
"category": "
|
340
|
+
"category": "malicious",
|
712
341
|
"engine_name": "Fortinet",
|
713
|
-
"engine_update": "
|
714
|
-
"engine_version": "
|
342
|
+
"engine_update": "20191024",
|
343
|
+
"engine_version": "5.4.247.0",
|
715
344
|
"method": "blacklist",
|
716
|
-
"result":
|
345
|
+
"result": "MSIL/Injector.VCX!tr"
|
717
346
|
},
|
718
347
|
"GData": {
|
719
|
-
"category": "
|
348
|
+
"category": "malicious",
|
720
349
|
"engine_name": "GData",
|
721
|
-
"engine_update": "
|
722
|
-
"engine_version": "A:25.
|
350
|
+
"engine_update": "20191024",
|
351
|
+
"engine_version": "A:25.23753B:26.16399",
|
723
352
|
"method": "blacklist",
|
724
|
-
"result":
|
353
|
+
"result": "Gen:Variant.Razy.448897"
|
725
354
|
},
|
726
355
|
"Ikarus": {
|
727
|
-
"category": "
|
356
|
+
"category": "malicious",
|
728
357
|
"engine_name": "Ikarus",
|
729
|
-
"engine_update": "
|
358
|
+
"engine_update": "20191023",
|
730
359
|
"engine_version": "0.1.5.2",
|
731
360
|
"method": "blacklist",
|
732
|
-
"result":
|
361
|
+
"result": "Trojan-Dropper"
|
733
362
|
},
|
734
363
|
"Invincea": {
|
735
|
-
"category": "
|
364
|
+
"category": "malicious",
|
736
365
|
"engine_name": "Invincea",
|
737
|
-
"engine_update": "
|
738
|
-
"engine_version": "
|
366
|
+
"engine_update": "20190904",
|
367
|
+
"engine_version": "6.3.6.26157",
|
739
368
|
"method": "blacklist",
|
740
|
-
"result":
|
369
|
+
"result": "heuristic"
|
741
370
|
},
|
742
371
|
"Jiangmin": {
|
743
|
-
"category": "
|
372
|
+
"category": "malicious",
|
744
373
|
"engine_name": "Jiangmin",
|
745
|
-
"engine_update": "
|
374
|
+
"engine_update": "20191024",
|
746
375
|
"engine_version": "16.0.100",
|
747
376
|
"method": "blacklist",
|
748
|
-
"result":
|
377
|
+
"result": "Trojan.Generic.adixj"
|
749
378
|
},
|
750
379
|
"K7AntiVirus": {
|
751
|
-
"category": "
|
380
|
+
"category": "malicious",
|
752
381
|
"engine_name": "K7AntiVirus",
|
753
|
-
"engine_update": "
|
754
|
-
"engine_version": "11.
|
382
|
+
"engine_update": "20191023",
|
383
|
+
"engine_version": "11.74.32344",
|
755
384
|
"method": "blacklist",
|
756
|
-
"result":
|
385
|
+
"result": "Trojan ( 00363f4b1 )"
|
757
386
|
},
|
758
387
|
"K7GW": {
|
759
|
-
"category": "
|
388
|
+
"category": "malicious",
|
760
389
|
"engine_name": "K7GW",
|
761
|
-
"engine_update": "
|
762
|
-
"engine_version": "11.
|
390
|
+
"engine_update": "20191023",
|
391
|
+
"engine_version": "11.74.32341",
|
763
392
|
"method": "blacklist",
|
764
|
-
"result":
|
393
|
+
"result": "Trojan ( 00363f4b1 )"
|
765
394
|
},
|
766
395
|
"Kaspersky": {
|
767
|
-
"category": "
|
396
|
+
"category": "malicious",
|
768
397
|
"engine_name": "Kaspersky",
|
769
|
-
"engine_update": "
|
398
|
+
"engine_update": "20191024",
|
770
399
|
"engine_version": "15.0.1.13",
|
771
400
|
"method": "blacklist",
|
772
|
-
"result":
|
401
|
+
"result": "HEUR:Trojan.Win32.Generic"
|
773
402
|
},
|
774
403
|
"Kingsoft": {
|
775
404
|
"category": "undetected",
|
776
405
|
"engine_name": "Kingsoft",
|
777
|
-
"engine_update": "
|
406
|
+
"engine_update": "20191024",
|
778
407
|
"engine_version": "2013.8.14.323",
|
779
408
|
"method": "blacklist",
|
780
409
|
"result": null
|
781
410
|
},
|
782
411
|
"MAX": {
|
783
|
-
"category": "
|
412
|
+
"category": "malicious",
|
784
413
|
"engine_name": "MAX",
|
785
|
-
"engine_update": "
|
414
|
+
"engine_update": "20191024",
|
786
415
|
"engine_version": "2019.9.16.1",
|
787
416
|
"method": "blacklist",
|
788
|
-
"result":
|
417
|
+
"result": "malware (ai score=98)"
|
789
418
|
},
|
790
419
|
"Malwarebytes": {
|
791
|
-
"category": "
|
420
|
+
"category": "malicious",
|
792
421
|
"engine_name": "Malwarebytes",
|
793
|
-
"engine_update": "
|
794
|
-
"engine_version": "
|
422
|
+
"engine_update": "20191024",
|
423
|
+
"engine_version": "2.1.1.1115",
|
795
424
|
"method": "blacklist",
|
796
|
-
"result":
|
425
|
+
"result": "Worm.Ainslot"
|
797
426
|
},
|
798
427
|
"MaxSecure": {
|
799
428
|
"category": "undetected",
|
800
429
|
"engine_name": "MaxSecure",
|
801
|
-
"engine_update": "
|
430
|
+
"engine_update": "20191021",
|
802
431
|
"engine_version": "1.0.0.1",
|
803
432
|
"method": "blacklist",
|
804
433
|
"result": null
|
805
434
|
},
|
806
435
|
"McAfee": {
|
807
|
-
"category": "
|
436
|
+
"category": "malicious",
|
808
437
|
"engine_name": "McAfee",
|
809
|
-
"engine_update": "
|
438
|
+
"engine_update": "20191024",
|
810
439
|
"engine_version": "6.0.6.653",
|
811
440
|
"method": "blacklist",
|
812
|
-
"result":
|
441
|
+
"result": "GenericRXAL-AY!E2A1373F5A00"
|
442
|
+
},
|
443
|
+
"McAfee-GW-Edition": {
|
444
|
+
"category": "malicious",
|
445
|
+
"engine_name": "McAfee-GW-Edition",
|
446
|
+
"engine_update": "20191023",
|
447
|
+
"engine_version": "v2017.3010",
|
448
|
+
"method": "blacklist",
|
449
|
+
"result": "GenericRXAL-AY!E2A1373F5A00"
|
813
450
|
},
|
814
451
|
"MicroWorld-eScan": {
|
815
|
-
"category": "
|
452
|
+
"category": "malicious",
|
816
453
|
"engine_name": "MicroWorld-eScan",
|
817
|
-
"engine_update": "
|
818
|
-
"engine_version": "14.0.
|
454
|
+
"engine_update": "20191024",
|
455
|
+
"engine_version": "14.0.297.0",
|
819
456
|
"method": "blacklist",
|
820
|
-
"result":
|
457
|
+
"result": "Gen:Variant.Razy.448897"
|
821
458
|
},
|
822
459
|
"Microsoft": {
|
823
|
-
"category": "
|
460
|
+
"category": "malicious",
|
824
461
|
"engine_name": "Microsoft",
|
825
|
-
"engine_update": "
|
826
|
-
"engine_version": "1.1.
|
462
|
+
"engine_update": "20191024",
|
463
|
+
"engine_version": "1.1.16500.1",
|
827
464
|
"method": "blacklist",
|
828
|
-
"result":
|
465
|
+
"result": "Backdoor:Win32/Fynloski.A"
|
829
466
|
},
|
830
467
|
"NANO-Antivirus": {
|
831
|
-
"category": "
|
468
|
+
"category": "malicious",
|
832
469
|
"engine_name": "NANO-Antivirus",
|
833
|
-
"engine_update": "
|
834
|
-
"engine_version": "1.0.134.
|
470
|
+
"engine_update": "20191024",
|
471
|
+
"engine_version": "1.0.134.24859",
|
835
472
|
"method": "blacklist",
|
836
|
-
"result":
|
473
|
+
"result": "Trojan.Win32.Win32.dccrbj"
|
837
474
|
},
|
838
475
|
"Paloalto": {
|
839
|
-
"category": "
|
476
|
+
"category": "undetected",
|
840
477
|
"engine_name": "Paloalto",
|
841
|
-
"engine_update": "
|
478
|
+
"engine_update": "20191024",
|
842
479
|
"engine_version": "1.0",
|
843
480
|
"method": "blacklist",
|
844
481
|
"result": null
|
845
482
|
},
|
846
483
|
"Panda": {
|
847
|
-
"category": "
|
484
|
+
"category": "malicious",
|
848
485
|
"engine_name": "Panda",
|
849
|
-
"engine_update": "
|
486
|
+
"engine_update": "20191023",
|
850
487
|
"engine_version": "4.6.4.2",
|
851
488
|
"method": "blacklist",
|
852
|
-
"result":
|
489
|
+
"result": "Generic Malware"
|
853
490
|
},
|
854
491
|
"Qihoo-360": {
|
855
|
-
"category": "
|
492
|
+
"category": "malicious",
|
856
493
|
"engine_name": "Qihoo-360",
|
857
|
-
"engine_update": "
|
494
|
+
"engine_update": "20191024",
|
858
495
|
"engine_version": "1.0.0.1120",
|
859
496
|
"method": "blacklist",
|
860
|
-
"result":
|
497
|
+
"result": "HEUR/Malware.QVM03.Gen"
|
861
498
|
},
|
862
499
|
"Rising": {
|
863
|
-
"category": "
|
500
|
+
"category": "malicious",
|
864
501
|
"engine_name": "Rising",
|
865
|
-
"engine_update": "
|
866
|
-
"engine_version": "25.0.0.
|
502
|
+
"engine_update": "20191024",
|
503
|
+
"engine_version": "25.0.0.24",
|
867
504
|
"method": "blacklist",
|
868
|
-
"result":
|
505
|
+
"result": "Backdoor.Fynloski!8.1FD (TFE:C:qcZJhR0LIuT)"
|
869
506
|
},
|
870
507
|
"SUPERAntiSpyware": {
|
871
|
-
"category": "
|
508
|
+
"category": "malicious",
|
872
509
|
"engine_name": "SUPERAntiSpyware",
|
873
|
-
"engine_update": "
|
510
|
+
"engine_update": "20191019",
|
874
511
|
"engine_version": "5.6.0.1032",
|
875
512
|
"method": "blacklist",
|
876
|
-
"result":
|
877
|
-
},
|
878
|
-
"Sangfor": {
|
879
|
-
"category": "undetected",
|
880
|
-
"engine_name": "Sangfor",
|
881
|
-
"engine_update": "20200814",
|
882
|
-
"engine_version": "1.0",
|
883
|
-
"method": "blacklist",
|
884
|
-
"result": null
|
513
|
+
"result": "Trojan.Agent/Gen-Injector"
|
885
514
|
},
|
886
515
|
"SentinelOne": {
|
887
|
-
"category": "
|
516
|
+
"category": "malicious",
|
888
517
|
"engine_name": "SentinelOne",
|
889
|
-
"engine_update": "
|
890
|
-
"engine_version": "
|
518
|
+
"engine_update": "20190807",
|
519
|
+
"engine_version": "1.0.31.22",
|
891
520
|
"method": "blacklist",
|
892
|
-
"result":
|
521
|
+
"result": "DFI - Malicious PE"
|
893
522
|
},
|
894
523
|
"Sophos": {
|
895
|
-
"category": "
|
524
|
+
"category": "malicious",
|
896
525
|
"engine_name": "Sophos",
|
897
|
-
"engine_update": "
|
526
|
+
"engine_update": "20191023",
|
898
527
|
"engine_version": "4.98.0",
|
899
528
|
"method": "blacklist",
|
900
|
-
"result":
|
529
|
+
"result": "Mal/Generic-S"
|
901
530
|
},
|
902
531
|
"Symantec": {
|
903
|
-
"category": "
|
532
|
+
"category": "malicious",
|
904
533
|
"engine_name": "Symantec",
|
905
|
-
"engine_update": "
|
906
|
-
"engine_version": "1.
|
534
|
+
"engine_update": "20191023",
|
535
|
+
"engine_version": "1.11.0.0",
|
907
536
|
"method": "blacklist",
|
908
|
-
"result":
|
537
|
+
"result": "ML.Attribute.HighConfidence"
|
909
538
|
},
|
910
539
|
"SymantecMobileInsight": {
|
911
540
|
"category": "type-unsupported",
|
912
541
|
"engine_name": "SymantecMobileInsight",
|
913
|
-
"engine_update": "
|
542
|
+
"engine_update": "20191023",
|
914
543
|
"engine_version": "2.0",
|
915
544
|
"method": "blacklist",
|
916
545
|
"result": null
|
@@ -918,15 +547,15 @@ http_interactions:
|
|
918
547
|
"TACHYON": {
|
919
548
|
"category": "undetected",
|
920
549
|
"engine_name": "TACHYON",
|
921
|
-
"engine_update": "
|
922
|
-
"engine_version": "
|
550
|
+
"engine_update": "20191024",
|
551
|
+
"engine_version": "2019-10-24.01",
|
923
552
|
"method": "blacklist",
|
924
553
|
"result": null
|
925
554
|
},
|
926
555
|
"Tencent": {
|
927
556
|
"category": "undetected",
|
928
557
|
"engine_name": "Tencent",
|
929
|
-
"engine_update": "
|
558
|
+
"engine_update": "20191024",
|
930
559
|
"engine_version": "1.0.0.1",
|
931
560
|
"method": "blacklist",
|
932
561
|
"result": null
|
@@ -934,104 +563,104 @@ http_interactions:
|
|
934
563
|
"TotalDefense": {
|
935
564
|
"category": "undetected",
|
936
565
|
"engine_name": "TotalDefense",
|
937
|
-
"engine_update": "
|
566
|
+
"engine_update": "20191023",
|
938
567
|
"engine_version": "37.1.62.1",
|
939
568
|
"method": "blacklist",
|
940
569
|
"result": null
|
941
570
|
},
|
942
|
-
"
|
571
|
+
"Trapmine": {
|
943
572
|
"category": "undetected",
|
573
|
+
"engine_name": "Trapmine",
|
574
|
+
"engine_update": "20190826",
|
575
|
+
"engine_version": "3.1.81.800",
|
576
|
+
"method": "blacklist",
|
577
|
+
"result": null
|
578
|
+
},
|
579
|
+
"TrendMicro": {
|
580
|
+
"category": "malicious",
|
944
581
|
"engine_name": "TrendMicro",
|
945
|
-
"engine_update": "
|
582
|
+
"engine_update": "20191024",
|
946
583
|
"engine_version": "11.0.0.1006",
|
947
584
|
"method": "blacklist",
|
948
|
-
"result":
|
585
|
+
"result": "TROJ_GEN.R002C0CJJ19"
|
949
586
|
},
|
950
587
|
"TrendMicro-HouseCall": {
|
951
|
-
"category": "
|
588
|
+
"category": "malicious",
|
952
589
|
"engine_name": "TrendMicro-HouseCall",
|
953
|
-
"engine_update": "
|
590
|
+
"engine_update": "20191024",
|
954
591
|
"engine_version": "10.0.0.1040",
|
955
592
|
"method": "blacklist",
|
956
|
-
"result":
|
593
|
+
"result": "TROJ_GEN.R002C0CJJ19"
|
957
594
|
},
|
958
595
|
"Trustlook": {
|
959
596
|
"category": "type-unsupported",
|
960
597
|
"engine_name": "Trustlook",
|
961
|
-
"engine_update": "
|
598
|
+
"engine_update": "20191024",
|
962
599
|
"engine_version": "1.0",
|
963
600
|
"method": "blacklist",
|
964
601
|
"result": null
|
965
602
|
},
|
966
603
|
"VBA32": {
|
967
|
-
"category": "
|
604
|
+
"category": "malicious",
|
968
605
|
"engine_name": "VBA32",
|
969
|
-
"engine_update": "
|
970
|
-
"engine_version": "4.
|
606
|
+
"engine_update": "20191023",
|
607
|
+
"engine_version": "4.2.0",
|
971
608
|
"method": "blacklist",
|
972
|
-
"result":
|
609
|
+
"result": "Trojan.Stealer"
|
973
610
|
},
|
974
611
|
"VIPRE": {
|
975
|
-
"category": "
|
612
|
+
"category": "malicious",
|
976
613
|
"engine_name": "VIPRE",
|
977
|
-
"engine_update": "
|
978
|
-
"engine_version": "
|
614
|
+
"engine_update": "20191024",
|
615
|
+
"engine_version": "78804",
|
979
616
|
"method": "blacklist",
|
980
|
-
"result":
|
617
|
+
"result": "Trojan.Win32.Generic!BT"
|
981
618
|
},
|
982
619
|
"ViRobot": {
|
983
620
|
"category": "undetected",
|
984
621
|
"engine_name": "ViRobot",
|
985
|
-
"engine_update": "
|
622
|
+
"engine_update": "20191023",
|
986
623
|
"engine_version": "2014.3.20.0",
|
987
624
|
"method": "blacklist",
|
988
625
|
"result": null
|
989
626
|
},
|
990
627
|
"Webroot": {
|
991
|
-
"category": "
|
628
|
+
"category": "malicious",
|
992
629
|
"engine_name": "Webroot",
|
993
|
-
"engine_update": "
|
630
|
+
"engine_update": "20191024",
|
994
631
|
"engine_version": "1.0.0.403",
|
995
632
|
"method": "blacklist",
|
996
|
-
"result":
|
633
|
+
"result": "W32.Dropper.Gen"
|
997
634
|
},
|
998
635
|
"Yandex": {
|
999
|
-
"category": "
|
636
|
+
"category": "malicious",
|
1000
637
|
"engine_name": "Yandex",
|
1001
|
-
"engine_update": "
|
638
|
+
"engine_update": "20191023",
|
1002
639
|
"engine_version": "5.5.2.24",
|
1003
640
|
"method": "blacklist",
|
1004
|
-
"result":
|
641
|
+
"result": "Trojan.Agent!V+Ry11PvhKQ"
|
1005
642
|
},
|
1006
643
|
"Zillya": {
|
1007
|
-
"category": "
|
644
|
+
"category": "malicious",
|
1008
645
|
"engine_name": "Zillya",
|
1009
|
-
"engine_update": "
|
1010
|
-
"engine_version": "2.0.0.
|
646
|
+
"engine_update": "20191023",
|
647
|
+
"engine_version": "2.0.0.3931",
|
1011
648
|
"method": "blacklist",
|
1012
|
-
"result":
|
649
|
+
"result": "Dropper.Injector.Win32.17840"
|
1013
650
|
},
|
1014
651
|
"ZoneAlarm": {
|
1015
|
-
"category": "
|
652
|
+
"category": "malicious",
|
1016
653
|
"engine_name": "ZoneAlarm",
|
1017
|
-
"engine_update": "
|
654
|
+
"engine_update": "20191024",
|
1018
655
|
"engine_version": "1.0",
|
1019
656
|
"method": "blacklist",
|
1020
|
-
"result":
|
657
|
+
"result": "HEUR:Trojan.Win32.Generic"
|
1021
658
|
},
|
1022
659
|
"Zoner": {
|
1023
660
|
"category": "undetected",
|
1024
661
|
"engine_name": "Zoner",
|
1025
|
-
"engine_update": "
|
1026
|
-
"engine_version": "
|
1027
|
-
"method": "blacklist",
|
1028
|
-
"result": null
|
1029
|
-
},
|
1030
|
-
"eGambit": {
|
1031
|
-
"category": "type-unsupported",
|
1032
|
-
"engine_name": "eGambit",
|
1033
|
-
"engine_update": "20200902",
|
1034
|
-
"engine_version": null,
|
662
|
+
"engine_update": "20191021",
|
663
|
+
"engine_version": "1.0.0.1",
|
1035
664
|
"method": "blacklist",
|
1036
665
|
"result": null
|
1037
666
|
}
|
@@ -1040,189 +669,177 @@ http_interactions:
|
|
1040
669
|
"confirmed-timeout": 0,
|
1041
670
|
"failure": 0,
|
1042
671
|
"harmless": 0,
|
1043
|
-
"malicious":
|
672
|
+
"malicious": 57,
|
1044
673
|
"suspicious": 0,
|
1045
674
|
"timeout": 0,
|
1046
|
-
"type-unsupported":
|
1047
|
-
"undetected":
|
675
|
+
"type-unsupported": 2,
|
676
|
+
"undetected": 13
|
1048
677
|
},
|
1049
|
-
"last_modification_date":
|
1050
|
-
"last_submission_date":
|
1051
|
-
"magic": "
|
1052
|
-
"md5": "
|
1053
|
-
"meaningful_name": "
|
678
|
+
"last_modification_date": 1591850641,
|
679
|
+
"last_submission_date": 1571482228,
|
680
|
+
"magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly",
|
681
|
+
"md5": "e2a1373f5a0024b81742be35880f9422",
|
682
|
+
"meaningful_name": "WindowsApplication1.exe",
|
1054
683
|
"names": [
|
1055
|
-
"
|
1056
|
-
"
|
1057
|
-
"
|
1058
|
-
"
|
1059
|
-
"
|
1060
|
-
"
|
1061
|
-
"
|
1062
|
-
"
|
1063
|
-
"pjx",
|
1064
|
-
"cecc",
|
1065
|
-
"/var/www/clean-mx/virusesevidence/output.124266458.txt",
|
1066
|
-
"lg.php",
|
1067
|
-
"174e",
|
1068
|
-
"SGF-1000-Fact-Sheet.pdf",
|
1069
|
-
"mkbnetbankar.hu",
|
1070
|
-
"playing",
|
1071
|
-
"internet-brides-2",
|
1072
|
-
"stanislav-kravcov",
|
1073
|
-
"c+++dlls+in+labview",
|
1074
|
-
"psa",
|
1075
|
-
"rlz",
|
1076
|
-
"12",
|
1077
|
-
"onlineeduhelp",
|
1078
|
-
"bms.exe",
|
1079
|
-
"fs.html)",
|
1080
|
-
"error_404.html",
|
1081
|
-
"cbd-oildiscount-website",
|
1082
|
-
"index.htm",
|
1083
|
-
"20141106144718814148788.doc",
|
1084
|
-
"education-school-tips",
|
1085
|
-
"educational-innovation",
|
1086
|
-
"camcrush-webcam-chat-rooms-2",
|
1087
|
-
"bgclive-review-2",
|
1088
|
-
"ARLConsulSetup.exe",
|
1089
|
-
"OO",
|
1090
|
-
"proceso.php",
|
1091
|
-
"bJxzZMKUFX",
|
1092
|
-
"edutrik",
|
1093
|
-
"annotatedbibliography",
|
1094
|
-
"/var/www/clean-mx/virusesevidence/output.124357766.txt",
|
1095
|
-
"xkhqaghyIRApCdjid",
|
1096
|
-
"classified-hookup-sites-2",
|
1097
|
-
"excelz",
|
1098
|
-
"6yFdvLUwfxM7PhxJHy",
|
1099
|
-
"JMRGBOPS2DLCREVOLUTION",
|
1100
|
-
"pornporn.online",
|
1101
|
-
"wxYee",
|
1102
|
-
"super-monopoly-money-slot-loophole",
|
1103
|
-
"edutrics",
|
1104
|
-
"pxre-ns-297",
|
1105
|
-
"D0hEXxcZIagKUzDIp",
|
1106
|
-
"sound_e",
|
1107
|
-
"68b329da9893e34099c7d8ad5cb9c940.js",
|
1108
|
-
"feature-03",
|
1109
|
-
"smrd.htm",
|
1110
|
-
"main05.php",
|
1111
|
-
"main02.php",
|
1112
|
-
"main01.php",
|
1113
|
-
"MiqrGsUEOVy4ijhIX",
|
1114
|
-
"location",
|
1115
|
-
"getkey.php",
|
1116
|
-
"/var/www/clean-mx/virusesevidence/output.124408803.txt",
|
1117
|
-
"MainLink.do",
|
1118
|
-
"q3FDOwcVQhXwwBhPvFZ",
|
1119
|
-
"854a636e94caea74b94de7d70b432476.csv",
|
1120
|
-
"edu",
|
1121
|
-
"fzn",
|
1122
|
-
"top-custom-writers",
|
1123
|
-
"essaytips",
|
1124
|
-
"KTU84Q)&v=3&latitude=0.0&longitude=0.0&um5=1d1c54240f4e8e173862433d29a52ca5&o1=e8ff46a1bde24167e4cc614c686c7b18b222de1f",
|
1125
|
-
"tcr6atzyle9c_4o0v4h-495844678765",
|
1126
|
-
"interracial-dating-central-dating-2",
|
1127
|
-
"light_image",
|
1128
|
-
"msg.jpg",
|
1129
|
-
"false",
|
1130
|
-
"gs10h51fg16p_oggx8swk2m",
|
1131
|
-
"new-jersey-governor-signs-athletics-betting-42",
|
1132
|
-
"before-you-are-left-behind-what-you-have-to-do-to",
|
1133
|
-
"thinking-about-core-aspects-of-russiansbrides",
|
1134
|
-
"almost-all-important-online-casino-companies",
|
1135
|
-
"help-with-python-homework",
|
1136
|
-
"paper-writing-tips",
|
1137
|
-
"54805244615",
|
1138
|
-
"database.txt",
|
1139
|
-
"d0%EF%BF%BD%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D1%8F:%D0%9C.%D0%92%D0%B8%D0%B4%D0%B5%D0%BE-%D0%AD%D0%BB%D1%8C%D0%B4%D0%BE%D1%80%D0%B0%D0%B4%D0%BE",
|
1140
|
-
"m0uhxhf6tpgspmzi",
|
1141
|
-
"analytics.php",
|
1142
|
-
"stock",
|
1143
|
-
"k.php",
|
1144
|
-
"zLykJ-ETE7liAemnpIGW_qgDQuEJLY-Ye8",
|
1145
|
-
"/var/www/clean-mx/virusesevidence/output.124529869.txt",
|
1146
|
-
"dl.php",
|
1147
|
-
"authorization.css",
|
1148
|
-
"t.php",
|
1149
|
-
"M9Spglia8HrDzf3DSr",
|
1150
|
-
"777.freshteens.site",
|
1151
|
-
"main03.php",
|
1152
|
-
"404.html",
|
1153
|
-
"20200808",
|
1154
|
-
"test"
|
684
|
+
"%WINDIR%\\syswow64\\authcl.exe",
|
685
|
+
"WindowsApplication1.exe",
|
686
|
+
"myfile.exe",
|
687
|
+
"e2a1373f5a0024b81742be35880f9422",
|
688
|
+
"file-3634492_exe",
|
689
|
+
"c:/aa/aa",
|
690
|
+
"C:\\Nb0r\\BUYQCKY.vcf",
|
691
|
+
"C:\\fuAqk\\qfbN7B85\\bMrhSZ.tgz"
|
1155
692
|
],
|
1156
|
-
"
|
1157
|
-
"
|
1158
|
-
|
1159
|
-
|
1160
|
-
|
1161
|
-
|
1162
|
-
|
1163
|
-
|
1164
|
-
|
1165
|
-
|
1166
|
-
|
1167
|
-
|
1168
|
-
|
1169
|
-
"AT.DEN, EXTRALIB.LD",
|
1170
|
-
"EXTRALIBS.LD, GSYSTAG.FON",
|
1171
|
-
"noop.rules",
|
1172
|
-
"certify",
|
1173
|
-
"master.admin.conf",
|
1174
|
-
"EXTRALIB.LD",
|
1175
|
-
"_relops_template.h, setupserver_UNIX_SOLSG.ini",
|
1176
|
-
"PMGSEG",
|
1177
|
-
"2040, 2040.dump, dat, pidfile"
|
693
|
+
"packers": {
|
694
|
+
"PEiD": ".NET executable"
|
695
|
+
},
|
696
|
+
"pe_info": {
|
697
|
+
"entry_point": 23518,
|
698
|
+
"imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
|
699
|
+
"import_list": [
|
700
|
+
{
|
701
|
+
"imported_functions": [
|
702
|
+
"_CorExeMain"
|
703
|
+
],
|
704
|
+
"library_name": "mscoree.dll"
|
705
|
+
}
|
1178
706
|
],
|
1179
|
-
"
|
1180
|
-
|
1181
|
-
"
|
1182
|
-
"
|
1183
|
-
"
|
1184
|
-
"
|
1185
|
-
"
|
1186
|
-
"
|
1187
|
-
|
1188
|
-
|
1189
|
-
|
1190
|
-
|
1191
|
-
|
1192
|
-
|
1193
|
-
|
1194
|
-
|
1195
|
-
|
1196
|
-
|
1197
|
-
|
1198
|
-
|
1199
|
-
|
1200
|
-
|
707
|
+
"machine_type": 332,
|
708
|
+
"overlay": {
|
709
|
+
"chi2": 1014207.75,
|
710
|
+
"entropy": 6.000185966491699,
|
711
|
+
"filetype": "ASCII text",
|
712
|
+
"md5": "c707031a565895f35e0ca2234fd707fc",
|
713
|
+
"offset": 20992,
|
714
|
+
"size": 337992
|
715
|
+
},
|
716
|
+
"resource_details": [
|
717
|
+
{
|
718
|
+
"chi2": 46193.4609375,
|
719
|
+
"entropy": 2.7141945362091064,
|
720
|
+
"filetype": "data",
|
721
|
+
"lang": "NEUTRAL",
|
722
|
+
"sha256": "7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31",
|
723
|
+
"type": "RT_ICON"
|
724
|
+
},
|
725
|
+
{
|
726
|
+
"chi2": 22977.515625,
|
727
|
+
"entropy": 2.536116123199463,
|
728
|
+
"filetype": "data",
|
729
|
+
"lang": "NEUTRAL",
|
730
|
+
"sha256": "bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1",
|
731
|
+
"type": "RT_ICON"
|
732
|
+
},
|
733
|
+
{
|
734
|
+
"chi2": 2285.05859375,
|
735
|
+
"entropy": 2.477025032043457,
|
736
|
+
"filetype": "data",
|
737
|
+
"lang": "NEUTRAL",
|
738
|
+
"sha256": "e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda",
|
739
|
+
"type": "RT_GROUP_ICON"
|
740
|
+
},
|
741
|
+
{
|
742
|
+
"chi2": 59830.9453125,
|
743
|
+
"entropy": 3.3242666721343994,
|
744
|
+
"filetype": "data",
|
745
|
+
"lang": "NEUTRAL",
|
746
|
+
"sha256": "5b181f966455046910c9c74bbcb492165632ea11500b046bef9a9cfbf8012c12",
|
747
|
+
"type": "RT_VERSION"
|
748
|
+
},
|
749
|
+
{
|
750
|
+
"chi2": 29694.9140625,
|
751
|
+
"entropy": 4.939681053161621,
|
752
|
+
"filetype": "data",
|
753
|
+
"lang": "NEUTRAL",
|
754
|
+
"sha256": "cc128d68001f9e550cb5a7f3b740f75fd55f1a51aded97193edc9ab8dd72c3f4",
|
755
|
+
"type": "RT_MANIFEST"
|
756
|
+
}
|
757
|
+
],
|
758
|
+
"resource_langs": {
|
759
|
+
"NEUTRAL": 5
|
760
|
+
},
|
761
|
+
"resource_types": {
|
762
|
+
"RT_GROUP_ICON": 1,
|
763
|
+
"RT_ICON": 2,
|
764
|
+
"RT_MANIFEST": 1,
|
765
|
+
"RT_VERSION": 1
|
766
|
+
},
|
767
|
+
"sections": [
|
768
|
+
{
|
769
|
+
"entropy": 5.78,
|
770
|
+
"md5": "c561514eedc1858cdd530ff239b7dd54",
|
771
|
+
"name": ".text",
|
772
|
+
"raw_size": 15360,
|
773
|
+
"virtual_address": 8192,
|
774
|
+
"virtual_size": 15332
|
775
|
+
},
|
776
|
+
{
|
777
|
+
"entropy": 4.74,
|
778
|
+
"md5": "22ddefbb74b0ba2a9136d88159dc874a",
|
779
|
+
"name": ".rsrc",
|
780
|
+
"raw_size": 4608,
|
781
|
+
"virtual_address": 24576,
|
782
|
+
"virtual_size": 4432
|
783
|
+
},
|
784
|
+
{
|
785
|
+
"entropy": 0.08,
|
786
|
+
"md5": "7ad653a900bf1dc0a5927a51215d2ebe",
|
787
|
+
"name": ".reloc",
|
788
|
+
"raw_size": 512,
|
789
|
+
"virtual_address": 32768,
|
790
|
+
"virtual_size": 12
|
791
|
+
}
|
792
|
+
],
|
793
|
+
"timestamp": 1330865387
|
1201
794
|
},
|
1202
|
-
"reputation":
|
1203
|
-
"sha1": "
|
795
|
+
"reputation": 0,
|
796
|
+
"sha1": "d5fe4a085524645eb895dfff34e96cf2d1e9657f",
|
1204
797
|
"sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
|
1205
|
-
"
|
1206
|
-
|
798
|
+
"signature_info": {
|
799
|
+
"copyright": "WindowsApplication1",
|
800
|
+
"description": " ",
|
801
|
+
"file version": "1.3.0.0",
|
802
|
+
"internal name": "WindowsApplication1.exe",
|
803
|
+
"original name": "WindowsApplication1.exe"
|
804
|
+
},
|
805
|
+
"size": 358984,
|
806
|
+
"ssdeep": "6144:94VnmIRuxqDVQ4UFM7H9fdLXC2s2ibVjhSTagxnpzI+cqrwkTlUH157veB:Kn6GQ48MDJ99TaMpzz7rwkTlUHXO",
|
1207
807
|
"tags": [
|
1208
|
-
"
|
1209
|
-
"
|
1210
|
-
"
|
1211
|
-
"via-tor"
|
808
|
+
"peexe",
|
809
|
+
"assembly",
|
810
|
+
"overlay"
|
1212
811
|
],
|
1213
|
-
"times_submitted":
|
812
|
+
"times_submitted": 3,
|
1214
813
|
"total_votes": {
|
1215
|
-
"harmless":
|
1216
|
-
"malicious":
|
1217
|
-
},
|
1218
|
-
"trusted_verdict": {
|
1219
|
-
"filename": "standalone-framework.js",
|
1220
|
-
"generator": "Microsoft Corporation",
|
1221
|
-
"organization": "Microsoft Corporation",
|
1222
|
-
"verdict": "goodware"
|
814
|
+
"harmless": 0,
|
815
|
+
"malicious": 0
|
1223
816
|
},
|
1224
|
-
"
|
1225
|
-
|
817
|
+
"trid": [
|
818
|
+
{
|
819
|
+
"file_type": "Generic CIL Executable (.NET, Mono, etc.)",
|
820
|
+
"probability": 55.8
|
821
|
+
},
|
822
|
+
{
|
823
|
+
"file_type": "Win64 Executable (generic)",
|
824
|
+
"probability": 21.0
|
825
|
+
},
|
826
|
+
{
|
827
|
+
"file_type": "Windows screen saver",
|
828
|
+
"probability": 9.9
|
829
|
+
},
|
830
|
+
{
|
831
|
+
"file_type": "Win32 Dynamic Link Library (generic)",
|
832
|
+
"probability": 5.0
|
833
|
+
},
|
834
|
+
{
|
835
|
+
"file_type": "Win32 Executable (generic)",
|
836
|
+
"probability": 3.4
|
837
|
+
}
|
838
|
+
],
|
839
|
+
"type_description": "Win32 EXE",
|
840
|
+
"type_tag": "peexe",
|
841
|
+
"unique_sources": 3,
|
842
|
+
"vhash": "235036555511507a1230050"
|
1226
843
|
},
|
1227
844
|
"id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
|
1228
845
|
"links": {
|
@@ -1232,5 +849,5 @@ http_interactions:
|
|
1232
849
|
}
|
1233
850
|
}
|
1234
851
|
http_version:
|
1235
|
-
recorded_at:
|
852
|
+
recorded_at: Tue, 29 Sep 2020 10:22:20 GMT
|
1236
853
|
recorded_with: VCR 5.0.0
|