virustotal_api 0.5.1 → 0.5.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: eea5809e6c6dc3ac2e0198339a9e010dca3032b2f7f92df35c1b373a93a222fb
4
- data.tar.gz: c2246c22846665db2518b24180973ddfbb813d3e50f60d9104c86120a29ccc96
3
+ metadata.gz: 1bed8beb641ac85649be4628d37065079d3f2c881499a67065200eeba57f2176
4
+ data.tar.gz: a55ce4ed4bdc573607389e20578efd53f10d7ab1597b3deb05644571dac752c6
5
5
  SHA512:
6
- metadata.gz: eac655bf5eb1b214b1799c4e6f1f9bd8476e1dd0e8f77206f1d06e8a1e0fffb30c6a4bb7720fc094760ec54f45fe450c37de5b1555ed1a5e5695ccfe86570e1f
7
- data.tar.gz: 9932d3ca7ca249ed1e4b6f2dc16503fd28bf9d750c057ce4eacdb779841992e1455873118850ab0376711384dc6da9bba07188c70b5e3322e81577739d17e787
6
+ metadata.gz: 13c8674a48591fd1c063a4d76040555aeace01a19981feb558241ff1843984f2e8052c6169bec8a1ec4f63519e14bf9b3a109fcf7f8fc667d8a1e0cbfe7f99aa
7
+ data.tar.gz: b64cfe0bfa5fa79927d22d591534f2b7db2b3ca7f572e8360b0423c3de5def7948f3264381e001596c095c66ec04187fe5fddf1d4148ad21bcf66a08eaf981ac
@@ -1,5 +1,13 @@
1
1
  # VirusTotal API Changelog
2
2
 
3
+ ## [0.5.2] - 2020-10-06
4
+
5
+ * Fix Fix exists? check
6
+ * Fix detected_by for File
7
+ * Fix RateLimitError
8
+ * Added User and Group API
9
+ * [@jonnynux](https://github.com/jonnynux)
10
+
3
11
  ## [0.5.1] - 2020-10-06
4
12
 
5
13
  * Downgrade ruby requirement to 2.5.
@@ -7,7 +15,7 @@
7
15
 
8
16
  ## [0.5.0] - 2020-09-02
9
17
 
10
- * Full rework to support API V3.
18
+ * Full rework to support API V3 [#30](https://github.com/pwelch/virustotal_api/pull/30)
11
19
  * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
12
20
  * Move to Ruby 2.6 for minimum Ruby version
13
21
 
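--- a/data/README.md
+++ b/data/README.md
@@ -185,6 +185,44 @@ vtdomain_report.report
 # => Hash of report results
 ```
 
+### User Find
+
+```ruby
+require 'virustotal_api'
+
+user_key = 'user_key' # user_id or api_key
+api_key = 'MY_API_KEY'
+
+vtuser_report = VirustotalAPI::User.find(user_key, api_key)
+
+# Does the resource have any results?
+vtuser_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtuser_report.report
+# => Hash of report results
+```
+
+### Group Find
+
+```ruby
+require 'virustotal_api'
+
+group_id = 'GROUP_id'
+api_key = 'MY_API_KEY'
+
+vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
+
+# Does the resource have any results?
+vtgroup_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtgroup_report.report
+# => Hash of report results
+```
+
 ## Contributors
 
 - [@postmodern](https://github.com/postmodern)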
@@ -3,7 +3,9 @@
3
3
  require 'virustotal_api/analysis'
4
4
  require 'virustotal_api/domain'
5
5
  require 'virustotal_api/file'
6
+ require 'virustotal_api/group'
6
7
  require 'virustotal_api/ip'
7
8
  require 'virustotal_api/url'
8
9
  require 'virustotal_api/uri'
10
+ require 'virustotal_api/user'
9
11
  require 'virustotal_api/version'
@@ -36,11 +36,15 @@ module VirustotalAPI
36
36
  )
37
37
  JSON.parse(response.body)
38
38
  rescue RestClient::NotFound
39
- nil
39
+ {}
40
40
  rescue RestClient::Unauthorized
41
41
  # Raise a custom exception not to expose the underlying
42
42
  # HTTP client.
43
43
  raise VirustotalAPI::Unauthorized
44
+ rescue RestClient::TooManyRequests
45
+ # Raise a custom exception not to expose the underlying
46
+ # HTTP client.
47
+ raise VirustotalAPI::RateLimitError
44
48
  end
45
49
 
46
50
  # @return [String] string of API URI instance method
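Review bot: Only 404, 401 and 429 are translated here; any other error response (403 when the key lacks the privileges the new `/users` and `/groups` endpoints may need, 400 on a malformed id, a 5xx) still escapes as a raw `RestClient::*` exception, which is exactly what the comment at line 41 says this wrapper is meant to avoid. A trailing `rescue RestClient::ExceptionWithResponse => e` that raises a library error carrying `e.response.code` would close that gap. The new 429 branch also drops the response, so a caller cannot honour a `Retry-After` header if the server sends one; `rescue RestClient::TooManyRequests => e` followed by `raise VirustotalAPI::RateLimitError, "rate limited, retry after #{e.response.headers[:retry_after]}"` would keep it. `VirustotalAPI::RateLimitError` is not defined in this hunk; the test further down expects it, so presumably it already exists elsewhere. The enclosing `perform` method begins before this hunk.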
@@ -50,7 +50,7 @@ module VirustotalAPI
50
50
  # @param [String] engine The engine to check.
51
51
  # @return [Boolean] true if detected
52
52
  def detected_by(engine)
53
- report['data']['attributes']['last_analysis_results'][engine]['category'] == 'harmless'
53
+ report&.dig('data', 'attributes', 'last_analysis_results', engine, 'category') == 'malicious'
54
54
  end
55
55
  end
56
56
  end
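Review bot: The new comparison treats an engine as detecting the file only when its `category` is exactly `malicious`, so a `suspicious` verdict (which VirusTotal v3 also reports per engine, as far as I recall — confirm against the API docs) now reads as "not detected", indistinguishable from an engine that is absent from `last_analysis_results` or never ran. The `@return` line should say so, e.g. `# @return [Boolean] true only when the engine's category is 'malicious'; false for undetected, suspicious, unsupported or absent engines`. If callers want any flag at all, `%w[malicious suspicious].include?(report&.dig('data', 'attributes', 'last_analysis_results', engine, 'category'))` is the alternative, but that is a behavioural choice rather than a fix. Style: a boolean-returning method is conventionally `detected_by?`; an `alias detected_by? detected_by` would add it without breaking callers.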
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'base'
4
+
5
+ module VirustotalAPI
6
+ # A class for '/groups' API
7
+ class Group < Base
8
+ attr_reader :report_url, :id
9
+
10
+ def initialize(report)
11
+ super(report)
12
+ @report_url = report&.dig('data', 'links', 'self')
13
+ @id = report&.dig('data', 'id')
14
+ end
15
+
16
+ # Find a Group.
17
+ #
18
+ # @param [String] group_id to find
19
+ # @param [String] api_key The key for virustotal
20
+ # @return [VirustotalAPI::User] Report
21
+ def self.find(group_id, api_key)
22
+ report = perform("/groups/#{group_id}", api_key)
23
+ new(report)
24
+ end
25
+ end
26
+ end
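Review bot: `group_id` is interpolated straight into the request path at line 22, so an id containing `/`, `?`, `#` or `..` steers the call to a different endpoint instead of failing; if ids can come from user input, encode the segment, e.g. `perform("/groups/#{ERB::Util.url_encode(group_id)}", api_key)` (with `require 'erb'`), or reject anything that is not a plain token before building the path — how `perform` assembles the final URL is not visible here. The YARD `@return [VirustotalAPI::User]` on `find` is a copy-paste slip and should read `@return [VirustotalAPI::Group]`. Since `Base.perform` returns `{}` on a 404, both `report_url` and `id` are `nil` for an unknown group; a comment on the `attr_reader` line such as `# nil when the lookup returned no data` would save callers a surprise.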
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative 'base'
4
+
5
+ module VirustotalAPI
6
+ # A class for '/users' API
7
+ class User < Base
8
+ attr_reader :report_url, :id
9
+
10
+ def initialize(report)
11
+ super(report)
12
+ @report_url = report&.dig('data', 'links', 'self')
13
+ @id = report&.dig('data', 'id')
14
+ end
15
+
16
+ # Find a User.
17
+ #
18
+ # @param [String] user_key with id or api_key
19
+ # @param [String] api_key The key for virustotal
20
+ # @return [VirustotalAPI::User] Report
21
+ def self.find(user_key, api_key)
22
+ report = perform("/users/#{user_key}", api_key)
23
+ new(report)
24
+ end
25
+ end
26
+ end
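Review bot: `find` accepts the API key itself as `user_key` (line 18, and the README example says "user_id or api_key"), which puts a secret into the URL path at line 22; that path then lands in proxy and server access logs, in HTTP-client request logging, in `report_url` if the server echoes the requested path back in `data.links.self`, and in any VCR cassette recorded from it. Prefer the user-id form and say so in the docstring, e.g. `# @param [String] user_key the user id; passing the API key works but leaks it into URLs and logs`. As with `Group.find`, the segment is not encoded, so `ERB::Util.url_encode(user_key)` (with `require 'erb'`) or an explicit format check would keep a value containing `/` or `?` from reaching a different endpoint. How `perform` builds the request is outside this hunk.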
@@ -2,5 +2,5 @@
2
2
 
3
3
  module VirustotalAPI
4
4
  # The GEM version
5
- VERSION = '0.5.1'
5
+ VERSION = '0.5.2'
6
6
  end
@@ -36,4 +36,12 @@ class VirustotalAPIBaseTest < Minitest::Test
36
36
  assert virustotal_report.exists?
37
37
  end
38
38
  end
39
+
40
+ def test_not_exists?
41
+ VCR.use_cassette('file_not_found') do
42
+ virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
43
+
44
+ assert !virustotal_report.exists?
45
+ end
46
+ end
39
47
  end
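Review bot: `assert !virustotal_report.exists?` at line 44 only reports "Expected false to be truthy" on failure; Minitest's `refute virustotal_report.exists?` (or `refute_predicate virustotal_report, :exists?`) shows the actual value. The method name `test_not_exists?` is legal Ruby and Minitest still picks it up by the `test_` prefix, but a `?` suffix on a test method is unconventional — `test_not_exists` reads better. The test also depends on the `file_not_found` cassette replaying a 404, which is not shown here; if it replays anything else, the `{}` branch in `Base.perform` is not what is being exercised.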
@@ -20,4 +20,12 @@ class RateLimitErrorTest < Minitest::Test
20
20
  end
21
21
  end
22
22
  end
23
+
24
+ def test_rate_limit
25
+ VCR.use_cassette('file_rate_limit') do
26
+ assert_raises VirustotalAPI::RateLimitError do
27
+ VirustotalAPI::File.analyse(@sha256, @api_key)
28
+ end
29
+ end
30
+ end
23
31
  end
@@ -31,6 +31,9 @@ class VirustotalAPIFileTest < Minitest::Test
31
31
 
32
32
  assert virustotal_report.report_url.is_a?(String)
33
33
  assert_equal permalink, virustotal_report.report_url
34
+ assert virustotal_report.detected_by('Avira')
35
+ assert !virustotal_report.detected_by('Acronis')
36
+ assert !virustotal_report.detected_by('Yeyeyeye') # not present in file
34
37
  end
35
38
  end
36
39
 
@@ -31,529 +31,166 @@ http_interactions:
31
31
  Content-Type:
32
32
  - application/json; charset=utf-8
33
33
  X-Cloud-Trace-Context:
34
- - 03407b05cfb2624364180a01ed7921cd
34
+ - 3dcde25d6fa7896edd5d4044bbc2682f
35
35
  Date:
36
- - Wed, 02 Sep 2020 14:02:33 GMT
36
+ - Tue, 29 Sep 2020 10:22:19 GMT
37
37
  Server:
38
38
  - Google Frontend
39
39
  Content-Length:
40
- - '45861'
40
+ - '33479'
41
41
  body:
42
42
  encoding: UTF-8
43
43
  string: |-
44
44
  {
45
45
  "data": {
46
46
  "attributes": {
47
- "autostart_locations": [
48
- {
49
- "entry": "",
50
- "location": "mock"
51
- },
52
- {
53
- "entry": "launchd.conf",
54
- "location": "Startup Scripts"
55
- },
56
- {
57
- "entry": " ",
58
- "location": " "
59
- },
60
- {
61
- "entry": "Trend Micro Toolbar",
62
- "location": "Google Chrome Add-ons"
63
- },
64
- {
65
- "entry": "mhuntagent",
66
- "location": "Launch_Daemons"
67
- },
68
- {
69
- "entry": "Tampermonkey",
70
- "location": "Google Chrome Add-ons"
71
- },
72
- {
73
- "entry": "LastPass: Free Password Manager",
74
- "location": "Google Chrome Add-ons"
75
- },
76
- {
77
- "entry": "Ace Script",
78
- "location": "Google Chrome Add-ons"
79
- },
80
- {
81
- "entry": "Webroot Password Manager",
82
- "location": "Google Chrome Add-ons"
83
- },
84
- {
85
- "entry": "1Password extension (desktop app required)",
86
- "location": "Google Chrome Add-ons"
87
- },
88
- {
89
- "entry": "QuickMark QR Code Extension",
90
- "location": "Google Chrome Add-ons"
91
- },
92
- {
93
- "entry": "ZoneAlarm Anti-Phishing",
94
- "location": "Google Chrome Add-ons"
95
- },
96
- {
97
- "entry": "Webroot Password Manager",
98
- "location": "Mozilla Firefox Add-ons"
99
- },
100
- {
101
- "entry": "Tampermonkey",
102
- "location": "Chromium Add-ons"
103
- },
104
- {
105
- "entry": "Solid Savings",
106
- "location": "Mozilla Firefox Add-ons"
107
- },
108
- {
109
- "entry": "Astrmenda Search",
110
- "location": "Mozilla Firefox Add-ons"
111
- },
112
- {
113
- "entry": "",
114
- "location": "C:\\Windows\\Explorer.exe"
115
- },
116
- {
117
- "entry": "LyricsSay-1",
118
- "location": "Google Chrome Add-ons"
119
- },
120
- {
121
- "entry": "Advanced HTML for Gmail/Outlook/Office365",
122
- "location": "Google Chrome Add-ons"
123
- },
124
- {
125
- "entry": "Vosteran Search",
126
- "location": "Mozilla Firefox Add-ons"
127
- },
128
- {
129
- "entry": "CinemaP-1.9cV20.10",
130
- "location": "Google Chrome Add-ons"
131
- },
132
- {
133
- "entry": "Supreme Savings",
134
- "location": "Mozilla Firefox Add-ons"
135
- },
136
- {
137
- "entry": "AOL Toolbar",
138
- "location": "Mozilla Firefox Add-ons"
139
- },
140
- {
141
- "entry": "rc.server",
142
- "location": "Startup Scripts"
143
- },
144
- {
145
- "entry": "Browser Backgrounds",
146
- "location": "Mozilla Firefox Add-ons"
147
- },
148
- {
149
- "entry": "LastPass",
150
- "location": "Google Chrome Add-ons"
151
- },
152
- {
153
- "entry": "Motorola Connect",
154
- "location": "Google Chrome Add-ons"
155
- },
156
- {
157
- "entry": "Tampermonkey BETA",
158
- "location": "Google Chrome Add-ons"
159
- },
160
- {
161
- "entry": "Check Point SandBlast Agent for Browsers",
162
- "location": "Google Chrome Add-ons"
163
- },
164
- {
165
- "entry": "Trend Micro Toolbar",
166
- "location": "Chromium Add-ons"
167
- },
168
- {
169
- "entry": "LastPass",
170
- "location": "Mozilla Firefox Add-ons"
171
- },
172
- {
173
- "entry": "Nano Adblocker",
174
- "location": "Google Chrome Add-ons"
175
- },
176
- {
177
- "entry": "",
178
- "location": "undefined"
179
- },
180
- {
181
- "entry": "923565845ab590c7d7fa8b6547b93748887497ab",
182
- "location": "Login Items"
183
- },
184
- {
185
- "entry": "Shutterfly Exporter",
186
- "location": "Google Chrome Add-ons"
187
- },
188
- {
189
- "entry": "Ripple Wallet",
190
- "location": "Google Chrome Add-ons"
191
- },
192
- {
193
- "entry": "CinemaHd For Pro 2.4cV10.01",
194
- "location": "Opera Add-ons"
195
- },
196
- {
197
- "entry": "Tamil FM and Online Radios",
198
- "location": "Google Chrome Add-ons"
199
- },
200
- {
201
- "entry": "M-Lab Measure",
202
- "location": "Google Chrome Add-ons"
203
- },
204
- {
205
- "entry": "LastPass",
206
- "location": "Chromium Add-ons"
207
- },
208
- {
209
- "entry": "Tampermonkey",
210
- "location": "Opera Add-ons"
211
- },
212
- {
213
- "entry": "Foxtrick",
214
- "location": "Google Chrome Add-ons"
215
- },
216
- {
217
- "entry": "Weather Now",
218
- "location": "Google Chrome Add-ons"
219
- },
220
- {
221
- "entry": "Ace Stream Web Extension",
222
- "location": "Google Chrome Add-ons"
223
- },
224
- {
225
- "entry": "CRM for Gmail",
226
- "location": "Google Chrome Add-ons"
227
- },
228
- {
229
- "entry": "Daily Horoscope",
230
- "location": "Google Chrome Add-ons"
231
- },
232
- {
233
- "entry": "HD-Quality-3.1V15.12",
234
- "location": "Google Chrome Add-ons"
235
- },
236
- {
237
- "entry": "Kaspersky Password Manager",
238
- "location": "Mozilla Firefox Add-ons"
239
- },
240
- {
241
- "entry": "Easy Deals",
242
- "location": "Google Chrome Add-ons"
243
- },
244
- {
245
- "entry": "Webroot",
246
- "location": "Google Chrome Add-ons"
247
- },
248
- {
249
- "entry": "Freeven pro",
250
- "location": "Google Chrome Add-ons"
251
- },
252
- {
253
- "entry": "Plus-HD-V1.6",
254
- "location": "Google Chrome Add-ons"
255
- },
256
- {
257
- "entry": "MyBrowser 1.0.2V24.08",
258
- "location": "Google Chrome Add-ons"
259
- },
260
- {
261
- "entry": "Webroot Password Manager",
262
- "location": "Chromium Add-ons"
263
- },
264
- {
265
- "entry": "Adblock Super",
266
- "location": "Google Chrome Add-ons"
267
- },
268
- {
269
- "entry": "SuperLyrics-1",
270
- "location": "Google Chrome Add-ons"
271
- },
272
- {
273
- "entry": "SavingsApp",
274
- "location": "Mozilla Firefox Add-ons"
275
- },
276
- {
277
- "entry": "Savings Sidekick",
278
- "location": "Mozilla Firefox Add-ons"
279
- },
280
- {
281
- "entry": "Ask Toolbar for Firefox",
282
- "location": "Mozilla Firefox Add-ons"
283
- },
284
- {
285
- "entry": "HD-Quality-3.1V11.12",
286
- "location": "Google Chrome Add-ons"
287
- },
288
- {
289
- "entry": "MyBrowser 1.0.2V16.09",
290
- "location": "Google Chrome Add-ons"
291
- },
292
- {
293
- "entry": "Astromenda Search Addon",
294
- "location": "Mozilla Firefox Add-ons"
295
- },
296
- {
297
- "entry": "StravistiX for Strava",
298
- "location": "Google Chrome Add-ons"
299
- },
300
- {
301
- "entry": "CinPlus-2.4cV24.12",
302
- "location": "Google Chrome Add-ons"
303
- },
304
- {
305
- "entry": "Ace Stream Web Extension",
306
- "location": "Chromium Add-ons"
307
- },
308
- {
309
- "entry": "CyberLink YouCam WebLogin",
310
- "location": "Mozilla Firefox Add-ons"
311
- },
312
- {
313
- "entry": "HQ-Video-Pro-2.1cV30.11",
314
- "location": "Google Chrome Add-ons"
315
- },
316
- {
317
- "entry": "Save to Pocket",
318
- "location": "Google Chrome Add-ons"
319
- },
320
- {
321
- "entry": "Cinema Plus v6V23.07",
322
- "location": "Google Chrome Add-ons"
323
- },
324
- {
325
- "entry": "PlusHD Cinema 2.1cV03.03",
326
- "location": "Google Chrome Add-ons"
327
- },
328
- {
329
- "entry": "Plus-HD-9.5",
330
- "location": "Google Chrome Add-ons"
331
- },
332
- {
333
- "entry": "",
334
- "location": "HKLM/System/CurrentControlSet/Services/"
335
- },
336
- {
337
- "entry": "Adblock",
338
- "location": "Mozilla Firefox Add-ons"
339
- },
340
- {
341
- "entry": "TubeSaver-16",
342
- "location": "Mozilla Firefox Add-ons"
343
- },
344
- {
345
- "entry": "FoxTrick",
346
- "location": "Google Chrome Add-ons"
347
- },
348
- {
349
- "entry": "HDQ-1.2cV26.12",
350
- "location": "Opera Add-ons"
351
- },
352
- {
353
- "entry": "CinePlus-1.44V09.11",
354
- "location": "Google Chrome Add-ons"
355
- },
356
- {
357
- "entry": "Shopping Sidekick",
358
- "location": "Mozilla Firefox Add-ons"
359
- },
360
- {
361
- "entry": "Feven 1.5",
362
- "location": "Google Chrome Add-ons"
363
- },
364
- {
365
- "entry": "CinemaP-1.9cV31.07",
366
- "location": "Google Chrome Add-ons"
367
- },
368
- {
369
- "entry": "CinemaPlus-4.5vV30.07",
370
- "location": "Google Chrome Add-ons"
371
- },
372
- {
373
- "entry": "Cinema_Plus_3.1rV28.10",
374
- "location": "Google Chrome Add-ons"
375
- },
376
- {
377
- "entry": "Coupon Companion Plugin",
378
- "location": "Mozilla Firefox Add-ons"
379
- },
380
- {
381
- "entry": "Plus-HD-2.6",
382
- "location": "Mozilla Firefox Add-ons"
383
- },
384
- {
385
- "entry": "CinemaP-1.9cV07.11",
386
- "location": "Mozilla Firefox Add-ons"
387
- },
388
- {
389
- "entry": "Plus-HD-9.3",
390
- "location": "Google Chrome Add-ons"
391
- },
392
- {
393
- "entry": "Cinema-Plus-1.2",
394
- "location": "Google Chrome Add-ons"
395
- },
396
- {
397
- "entry": "CinemaP-1.3c",
398
- "location": "Google Chrome Add-ons"
399
- },
400
- {
401
- "entry": "Firefox OS 1.3 Simulator",
402
- "location": "Mozilla Firefox Add-ons"
403
- },
404
- {
405
- "entry": "Cinema PlusV17.09",
406
- "location": "Mozilla Firefox Add-ons"
407
- },
408
- {
409
- "entry": "LyricsFan-2",
410
- "location": "Google Chrome Add-ons"
411
- },
412
- {
413
- "entry": "CinePlus-1.44V30.08",
414
- "location": "Google Chrome Add-ons"
415
- },
416
- {
417
- "entry": "CinemaPlus_1.3dV13.05",
418
- "location": "Opera Add-ons"
419
- },
420
- {
421
- "entry": "Plus-HD-V1.6c",
422
- "location": "Mozilla Firefox Add-ons"
423
- },
424
- {
425
- "entry": "HDtubeV1.6V31.10",
426
- "location": "Google Chrome Add-ons"
427
- },
428
- {
429
- "entry": "Cinema PlusV26.03",
430
- "location": "Opera Add-ons"
431
- },
432
- {
433
- "entry": "HQ Video Pro 2.1cV16.06",
434
- "location": "Google Chrome Add-ons"
435
- },
436
- {
437
- "entry": "Plus-HD-9.6",
438
- "location": "Mozilla Firefox Add-ons"
439
- }
440
- ],
47
+ "authentihash": "59f506734a1bedf95e871bc95eb38dae2aede7b48986e2108021c584bb53c685",
48
+ "creation_date": 1330865387,
49
+ "dot_net_guids": {
50
+ "mvid": "5beaa6c7-a8b7-46a2-a2cd-5d878c3b22e6",
51
+ "typelib_id": "728093e4-7457-46be-8e8e-0fdee382cfff"
52
+ },
441
53
  "downloadable": true,
442
54
  "exiftool": {
443
- "FileType": "TXT",
444
- "FileTypeExtension": "txt",
445
- "LineCount": "1",
446
- "MIMEEncoding": "us-ascii",
447
- "MIMEType": "text/plain",
448
- "Newlines": "Unix LF",
449
- "WordCount": "0"
55
+ "AssemblyVersion": "1.3.0.0",
56
+ "CharacterSet": "Unicode",
57
+ "CodeSize": "15360",
58
+ "EntryPoint": "0x5bde",
59
+ "FileFlagsMask": "0x003f",
60
+ "FileOS": "Win32",
61
+ "FileSubtype": "0",
62
+ "FileType": "Win32 EXE",
63
+ "FileTypeExtension": "exe",
64
+ "FileVersion": "1.3.0.0",
65
+ "FileVersionNumber": "1.3.0.0",
66
+ "ImageFileCharacteristics": "Executable, 32-bit",
67
+ "ImageVersion": "0.0",
68
+ "InitializedDataSize": "5120",
69
+ "InternalName": "WindowsApplication1.exe",
70
+ "LanguageCode": "Neutral",
71
+ "LegalCopyright": "WindowsApplication1",
72
+ "LegalTrademarks": "WindowsApplication1",
73
+ "LinkerVersion": "8.0",
74
+ "MIMEType": "application/octet-stream",
75
+ "MachineType": "Intel 386 or later, and compatibles",
76
+ "OSVersion": "4.0",
77
+ "ObjectFileType": "Executable application",
78
+ "OriginalFileName": "WindowsApplication1.exe",
79
+ "PEType": "PE32",
80
+ "ProductVersion": "1.3.0.0",
81
+ "ProductVersionNumber": "1.3.0.0",
82
+ "Subsystem": "Windows GUI",
83
+ "SubsystemVersion": "4.0",
84
+ "TimeStamp": "2012:03:04 13:49:47+01:00",
85
+ "UninitializedDataSize": "0"
450
86
  },
451
- "first_submission_date": 1236257138,
452
- "last_analysis_date": 1599045062,
87
+ "first_seen_itw_date": 1309516636,
88
+ "first_submission_date": 1331065880,
89
+ "last_analysis_date": 1571882366,
453
90
  "last_analysis_results": {
454
91
  "ALYac": {
455
- "category": "undetected",
92
+ "category": "malicious",
456
93
  "engine_name": "ALYac",
457
- "engine_update": "20200902",
94
+ "engine_update": "20191024",
458
95
  "engine_version": "1.1.1.5",
459
96
  "method": "blacklist",
460
- "result": null
97
+ "result": "Gen:Variant.Razy.448897"
461
98
  },
462
99
  "APEX": {
463
- "category": "type-unsupported",
100
+ "category": "malicious",
464
101
  "engine_name": "APEX",
465
- "engine_update": "20200901",
466
- "engine_version": "6.66",
102
+ "engine_update": "20191022",
103
+ "engine_version": "5.76",
467
104
  "method": "blacklist",
468
- "result": null
105
+ "result": "Malicious"
469
106
  },
470
107
  "AVG": {
471
- "category": "undetected",
108
+ "category": "malicious",
472
109
  "engine_name": "AVG",
473
- "engine_update": "20200902",
110
+ "engine_update": "20191024",
474
111
  "engine_version": "18.4.3895.0",
475
112
  "method": "blacklist",
476
- "result": null
113
+ "result": "MSIL:GenMalicious-BHV [Trj]"
477
114
  },
478
115
  "Acronis": {
479
- "category": "type-unsupported",
116
+ "category": "undetected",
480
117
  "engine_name": "Acronis",
481
- "engine_update": "20200806",
482
- "engine_version": "1.1.1.77",
118
+ "engine_update": "20191018",
119
+ "engine_version": "1.1.1.58",
483
120
  "method": "blacklist",
484
121
  "result": null
485
122
  },
486
123
  "Ad-Aware": {
487
- "category": "undetected",
124
+ "category": "malicious",
488
125
  "engine_name": "Ad-Aware",
489
- "engine_update": "20200902",
490
- "engine_version": "3.0.16.117",
126
+ "engine_update": "20191024",
127
+ "engine_version": "3.0.5.370",
491
128
  "method": "blacklist",
492
- "result": null
129
+ "result": "Gen:Variant.Razy.448897"
493
130
  },
494
131
  "AegisLab": {
495
- "category": "undetected",
132
+ "category": "malicious",
496
133
  "engine_name": "AegisLab",
497
- "engine_update": "20200902",
134
+ "engine_update": "20191024",
498
135
  "engine_version": "4.2",
499
136
  "method": "blacklist",
500
- "result": null
137
+ "result": "Adware.MSIL.Generic.lxai"
501
138
  },
502
139
  "AhnLab-V3": {
503
- "category": "undetected",
140
+ "category": "malicious",
504
141
  "engine_name": "AhnLab-V3",
505
- "engine_update": "20200902",
506
- "engine_version": "3.18.1.10026",
142
+ "engine_update": "20191024",
143
+ "engine_version": "3.16.3.25410",
507
144
  "method": "blacklist",
508
- "result": null
145
+ "result": "Win-Trojan/MSILKrypt09.Exp"
509
146
  },
510
147
  "Alibaba": {
511
- "category": "type-unsupported",
148
+ "category": "malicious",
512
149
  "engine_name": "Alibaba",
513
150
  "engine_update": "20190527",
514
151
  "engine_version": "0.3.0.5",
515
152
  "method": "blacklist",
516
- "result": null
153
+ "result": "Backdoor:Win32/Fynloski.ddc60b83"
517
154
  },
518
155
  "Antiy-AVL": {
519
- "category": "undetected",
156
+ "category": "malicious",
520
157
  "engine_name": "Antiy-AVL",
521
- "engine_update": "20200902",
158
+ "engine_update": "20191024",
522
159
  "engine_version": "3.0.0.1",
523
160
  "method": "blacklist",
524
- "result": null
161
+ "result": "Trojan/Win32.Inject"
525
162
  },
526
163
  "Arcabit": {
527
- "category": "undetected",
164
+ "category": "malicious",
528
165
  "engine_name": "Arcabit",
529
- "engine_update": "20200902",
530
- "engine_version": "1.0.0.881",
166
+ "engine_update": "20191024",
167
+ "engine_version": "1.0.0.861",
531
168
  "method": "blacklist",
532
- "result": null
169
+ "result": "Trojan.Razy.D6D981"
533
170
  },
534
171
  "Avast": {
535
- "category": "undetected",
172
+ "category": "malicious",
536
173
  "engine_name": "Avast",
537
- "engine_update": "20200902",
174
+ "engine_update": "20191024",
538
175
  "engine_version": "18.4.3895.0",
539
176
  "method": "blacklist",
540
- "result": null
177
+ "result": "MSIL:GenMalicious-BHV [Trj]"
541
178
  },
542
179
  "Avast-Mobile": {
543
- "category": "type-unsupported",
180
+ "category": "undetected",
544
181
  "engine_name": "Avast-Mobile",
545
- "engine_update": "20200902",
546
- "engine_version": "200902-00",
182
+ "engine_update": "20191012",
183
+ "engine_version": "191012-04",
547
184
  "method": "blacklist",
548
185
  "result": null
549
186
  },
550
187
  "Avira": {
551
- "category": "undetected",
188
+ "category": "malicious",
552
189
  "engine_name": "Avira",
553
- "engine_update": "20200902",
190
+ "engine_update": "20191023",
554
191
  "engine_version": "8.3.3.8",
555
192
  "method": "blacklist",
556
- "result": null
193
+ "result": "TR/Dropper.Gen"
557
194
  },
558
195
  "Baidu": {
559
196
  "category": "undetected",
@@ -564,353 +201,345 @@ http_interactions:
564
201
  "result": null
565
202
  },
566
203
  "BitDefender": {
567
- "category": "undetected",
204
+ "category": "malicious",
568
205
  "engine_name": "BitDefender",
569
- "engine_update": "20200902",
206
+ "engine_update": "20191024",
570
207
  "engine_version": "7.2",
571
208
  "method": "blacklist",
572
- "result": null
573
- },
574
- "BitDefenderTheta": {
575
- "category": "undetected",
576
- "engine_name": "BitDefenderTheta",
577
- "engine_update": "20200902",
578
- "engine_version": "7.2.37796.0",
579
- "method": "blacklist",
580
- "result": null
209
+ "result": "Gen:Variant.Razy.448897"
581
210
  },
582
211
  "Bkav": {
583
212
  "category": "undetected",
584
213
  "engine_name": "Bkav",
585
- "engine_update": "20200901",
586
- "engine_version": "1.3.0.9899",
214
+ "engine_update": "20191023",
215
+ "engine_version": "1.3.0.10239",
587
216
  "method": "blacklist",
588
217
  "result": null
589
218
  },
590
219
  "CAT-QuickHeal": {
591
- "category": "undetected",
220
+ "category": "malicious",
592
221
  "engine_name": "CAT-QuickHeal",
593
- "engine_update": "20200902",
222
+ "engine_update": "20191022",
594
223
  "engine_version": "14.00",
595
224
  "method": "blacklist",
596
- "result": null
225
+ "result": "Trojan.GenericFC.S6053517"
597
226
  },
598
227
  "CMC": {
599
- "category": "undetected",
228
+ "category": "malicious",
600
229
  "engine_name": "CMC",
601
- "engine_update": "20200902",
602
- "engine_version": "2.7.2019.1",
230
+ "engine_update": "20190321",
231
+ "engine_version": "1.1.0.977",
603
232
  "method": "blacklist",
604
- "result": null
233
+ "result": "Trojan.MSIL.Agent!O"
605
234
  },
606
235
  "ClamAV": {
607
- "category": "undetected",
236
+ "category": "malicious",
608
237
  "engine_name": "ClamAV",
609
- "engine_update": "20200901",
610
- "engine_version": "0.102.4.0",
238
+ "engine_update": "20191023",
239
+ "engine_version": "0.102.0.0",
611
240
  "method": "blacklist",
612
- "result": null
241
+ "result": "Win.Trojan.Agent-1389032"
613
242
  },
614
243
  "Comodo": {
615
- "category": "undetected",
244
+ "category": "malicious",
616
245
  "engine_name": "Comodo",
617
- "engine_update": "20200728",
618
- "engine_version": "32668",
246
+ "engine_update": "20191024",
247
+ "engine_version": "31639",
619
248
  "method": "blacklist",
620
- "result": null
249
+ "result": "TrojWare.MSIL.TrojanDropper.Agent.VX@4na2u0"
621
250
  },
622
251
  "CrowdStrike": {
623
- "category": "type-unsupported",
252
+ "category": "malicious",
624
253
  "engine_name": "CrowdStrike",
625
254
  "engine_update": "20190702",
626
255
  "engine_version": "1.0",
627
256
  "method": "blacklist",
628
- "result": null
257
+ "result": "win/malicious_confidence_100% (D)"
629
258
  },
630
259
  "Cybereason": {
631
- "category": "type-unsupported",
260
+ "category": "malicious",
632
261
  "engine_name": "Cybereason",
633
262
  "engine_update": "20190616",
634
263
  "engine_version": "1.2.449",
635
264
  "method": "blacklist",
636
- "result": null
265
+ "result": "malicious.f5a002"
637
266
  },
638
267
  "Cylance": {
639
- "category": "type-unsupported",
268
+ "category": "malicious",
640
269
  "engine_name": "Cylance",
641
- "engine_update": "20200902",
270
+ "engine_update": "20191024",
642
271
  "engine_version": "2.3.1.101",
643
272
  "method": "blacklist",
644
- "result": null
645
- },
646
- "Cynet": {
647
- "category": "undetected",
648
- "engine_name": "Cynet",
649
- "engine_update": "20200902",
650
- "engine_version": "4.0.0.24",
651
- "method": "blacklist",
652
- "result": null
273
+ "result": "Unsafe"
653
274
  },
654
275
  "Cyren": {
655
- "category": "undetected",
276
+ "category": "malicious",
656
277
  "engine_name": "Cyren",
657
- "engine_update": "20200902",
658
- "engine_version": "6.3.0.2",
278
+ "engine_update": "20191024",
279
+ "engine_version": "6.2.2.2",
659
280
  "method": "blacklist",
660
- "result": null
281
+ "result": "W32/A-7f374f2a!Eldorado"
661
282
  },
662
283
  "DrWeb": {
663
- "category": "undetected",
284
+ "category": "malicious",
664
285
  "engine_name": "DrWeb",
665
- "engine_update": "20200902",
666
- "engine_version": "7.0.48.8080",
286
+ "engine_update": "20191024",
287
+ "engine_version": "7.0.41.7240",
667
288
  "method": "blacklist",
668
- "result": null
289
+ "result": "Win32.HLLW.Autoruner.25074"
669
290
  },
670
291
  "ESET-NOD32": {
671
- "category": "undetected",
292
+ "category": "malicious",
672
293
  "engine_name": "ESET-NOD32",
673
- "engine_update": "20200902",
674
- "engine_version": "21921",
294
+ "engine_update": "20191024",
295
+ "engine_version": "20231",
675
296
  "method": "blacklist",
676
- "result": null
677
- },
678
- "Elastic": {
679
- "category": "type-unsupported",
680
- "engine_name": "Elastic",
681
- "engine_update": "20200831",
682
- "engine_version": "4.0.8",
683
- "method": "blacklist",
684
- "result": null
297
+ "result": "a variant of MSIL/Injector.VX"
685
298
  },
686
299
  "Emsisoft": {
687
- "category": "undetected",
300
+ "category": "malicious",
688
301
  "engine_name": "Emsisoft",
689
- "engine_update": "20200902",
302
+ "engine_update": "20191024",
690
303
  "engine_version": "2018.12.0.1641",
691
304
  "method": "blacklist",
692
- "result": null
305
+ "result": "Gen:Variant.Razy.448897 (B)"
306
+ },
307
+ "Endgame": {
308
+ "category": "malicious",
309
+ "engine_name": "Endgame",
310
+ "engine_update": "20190918",
311
+ "engine_version": "3.0.15",
312
+ "method": "blacklist",
313
+ "result": "malicious (high confidence)"
314
+ },
315
+ "F-Prot": {
316
+ "category": "malicious",
317
+ "engine_name": "F-Prot",
318
+ "engine_update": "20191024",
319
+ "engine_version": "4.7.1.166",
320
+ "method": "blacklist",
321
+ "result": "W32/A-7f374f2a!Eldorado"
693
322
  },
694
323
  "F-Secure": {
695
- "category": "undetected",
324
+ "category": "malicious",
696
325
  "engine_name": "F-Secure",
697
- "engine_update": "20200902",
326
+ "engine_update": "20191024",
698
327
  "engine_version": "12.0.86.52",
699
328
  "method": "blacklist",
700
- "result": null
329
+ "result": "Trojan.TR/Dropper.Gen"
701
330
  },
702
331
  "FireEye": {
703
- "category": "undetected",
332
+ "category": "malicious",
704
333
  "engine_name": "FireEye",
705
- "engine_update": "20200902",
706
- "engine_version": "32.36.1.0",
334
+ "engine_update": "20191024",
335
+ "engine_version": "29.7.0.0",
707
336
  "method": "blacklist",
708
- "result": null
337
+ "result": "Generic.mg.e2a1373f5a0024b8"
709
338
  },
710
339
  "Fortinet": {
711
- "category": "undetected",
340
+ "category": "malicious",
712
341
  "engine_name": "Fortinet",
713
- "engine_update": "20200902",
714
- "engine_version": "6.2.142.0",
342
+ "engine_update": "20191024",
343
+ "engine_version": "5.4.247.0",
715
344
  "method": "blacklist",
716
- "result": null
345
+ "result": "MSIL/Injector.VCX!tr"
717
346
  },
718
347
  "GData": {
719
- "category": "undetected",
348
+ "category": "malicious",
720
349
  "engine_name": "GData",
721
- "engine_update": "20200902",
722
- "engine_version": "A:25.26854B:27.20024",
350
+ "engine_update": "20191024",
351
+ "engine_version": "A:25.23753B:26.16399",
723
352
  "method": "blacklist",
724
- "result": null
353
+ "result": "Gen:Variant.Razy.448897"
725
354
  },
726
355
  "Ikarus": {
727
- "category": "undetected",
356
+ "category": "malicious",
728
357
  "engine_name": "Ikarus",
729
- "engine_update": "20200902",
358
+ "engine_update": "20191023",
730
359
  "engine_version": "0.1.5.2",
731
360
  "method": "blacklist",
732
- "result": null
361
+ "result": "Trojan-Dropper"
733
362
  },
734
363
  "Invincea": {
735
- "category": "undetected",
364
+ "category": "malicious",
736
365
  "engine_name": "Invincea",
737
- "engine_update": "20200902",
738
- "engine_version": "1.0.1.0",
366
+ "engine_update": "20190904",
367
+ "engine_version": "6.3.6.26157",
739
368
  "method": "blacklist",
740
- "result": null
369
+ "result": "heuristic"
741
370
  },
742
371
  "Jiangmin": {
743
- "category": "undetected",
372
+ "category": "malicious",
744
373
  "engine_name": "Jiangmin",
745
- "engine_update": "20200902",
374
+ "engine_update": "20191024",
746
375
  "engine_version": "16.0.100",
747
376
  "method": "blacklist",
748
- "result": null
377
+ "result": "Trojan.Generic.adixj"
749
378
  },
750
379
  "K7AntiVirus": {
751
- "category": "undetected",
380
+ "category": "malicious",
752
381
  "engine_name": "K7AntiVirus",
753
- "engine_update": "20200902",
754
- "engine_version": "11.133.35137",
382
+ "engine_update": "20191023",
383
+ "engine_version": "11.74.32344",
755
384
  "method": "blacklist",
756
- "result": null
385
+ "result": "Trojan ( 00363f4b1 )"
757
386
  },
758
387
  "K7GW": {
759
- "category": "undetected",
388
+ "category": "malicious",
760
389
  "engine_name": "K7GW",
761
- "engine_update": "20200902",
762
- "engine_version": "11.133.35139",
390
+ "engine_update": "20191023",
391
+ "engine_version": "11.74.32341",
763
392
  "method": "blacklist",
764
- "result": null
393
+ "result": "Trojan ( 00363f4b1 )"
765
394
  },
766
395
  "Kaspersky": {
767
- "category": "undetected",
396
+ "category": "malicious",
768
397
  "engine_name": "Kaspersky",
769
- "engine_update": "20200902",
398
+ "engine_update": "20191024",
770
399
  "engine_version": "15.0.1.13",
771
400
  "method": "blacklist",
772
- "result": null
401
+ "result": "HEUR:Trojan.Win32.Generic"
773
402
  },
774
403
  "Kingsoft": {
775
404
  "category": "undetected",
776
405
  "engine_name": "Kingsoft",
777
- "engine_update": "20200902",
406
+ "engine_update": "20191024",
778
407
  "engine_version": "2013.8.14.323",
779
408
  "method": "blacklist",
780
409
  "result": null
781
410
  },
782
411
  "MAX": {
783
- "category": "undetected",
412
+ "category": "malicious",
784
413
  "engine_name": "MAX",
785
- "engine_update": "20200902",
414
+ "engine_update": "20191024",
786
415
  "engine_version": "2019.9.16.1",
787
416
  "method": "blacklist",
788
- "result": null
417
+ "result": "malware (ai score=98)"
789
418
  },
790
419
  "Malwarebytes": {
791
- "category": "undetected",
420
+ "category": "malicious",
792
421
  "engine_name": "Malwarebytes",
793
- "engine_update": "20200902",
794
- "engine_version": "3.6.4.335",
422
+ "engine_update": "20191024",
423
+ "engine_version": "2.1.1.1115",
795
424
  "method": "blacklist",
796
- "result": null
425
+ "result": "Worm.Ainslot"
797
426
  },
798
427
  "MaxSecure": {
799
428
  "category": "undetected",
800
429
  "engine_name": "MaxSecure",
801
- "engine_update": "20200901",
430
+ "engine_update": "20191021",
802
431
  "engine_version": "1.0.0.1",
803
432
  "method": "blacklist",
804
433
  "result": null
805
434
  },
806
435
  "McAfee": {
807
- "category": "undetected",
436
+ "category": "malicious",
808
437
  "engine_name": "McAfee",
809
- "engine_update": "20200902",
438
+ "engine_update": "20191024",
810
439
  "engine_version": "6.0.6.653",
811
440
  "method": "blacklist",
812
- "result": null
441
+ "result": "GenericRXAL-AY!E2A1373F5A00"
442
+ },
443
+ "McAfee-GW-Edition": {
444
+ "category": "malicious",
445
+ "engine_name": "McAfee-GW-Edition",
446
+ "engine_update": "20191023",
447
+ "engine_version": "v2017.3010",
448
+ "method": "blacklist",
449
+ "result": "GenericRXAL-AY!E2A1373F5A00"
813
450
  },
814
451
  "MicroWorld-eScan": {
815
- "category": "undetected",
452
+ "category": "malicious",
816
453
  "engine_name": "MicroWorld-eScan",
817
- "engine_update": "20200902",
818
- "engine_version": "14.0.409.0",
454
+ "engine_update": "20191024",
455
+ "engine_version": "14.0.297.0",
819
456
  "method": "blacklist",
820
- "result": null
457
+ "result": "Gen:Variant.Razy.448897"
821
458
  },
822
459
  "Microsoft": {
823
- "category": "undetected",
460
+ "category": "malicious",
824
461
  "engine_name": "Microsoft",
825
- "engine_update": "20200902",
826
- "engine_version": "1.1.17400.5",
462
+ "engine_update": "20191024",
463
+ "engine_version": "1.1.16500.1",
827
464
  "method": "blacklist",
828
- "result": null
465
+ "result": "Backdoor:Win32/Fynloski.A"
829
466
  },
830
467
  "NANO-Antivirus": {
831
- "category": "undetected",
468
+ "category": "malicious",
832
469
  "engine_name": "NANO-Antivirus",
833
- "engine_update": "20200902",
834
- "engine_version": "1.0.134.25140",
470
+ "engine_update": "20191024",
471
+ "engine_version": "1.0.134.24859",
835
472
  "method": "blacklist",
836
- "result": null
473
+ "result": "Trojan.Win32.Win32.dccrbj"
837
474
  },
838
475
  "Paloalto": {
839
- "category": "type-unsupported",
476
+ "category": "undetected",
840
477
  "engine_name": "Paloalto",
841
- "engine_update": "20200902",
478
+ "engine_update": "20191024",
842
479
  "engine_version": "1.0",
843
480
  "method": "blacklist",
844
481
  "result": null
845
482
  },
846
483
  "Panda": {
847
- "category": "undetected",
484
+ "category": "malicious",
848
485
  "engine_name": "Panda",
849
- "engine_update": "20200902",
486
+ "engine_update": "20191023",
850
487
  "engine_version": "4.6.4.2",
851
488
  "method": "blacklist",
852
- "result": null
489
+ "result": "Generic Malware"
853
490
  },
854
491
  "Qihoo-360": {
855
- "category": "undetected",
492
+ "category": "malicious",
856
493
  "engine_name": "Qihoo-360",
857
- "engine_update": "20200902",
494
+ "engine_update": "20191024",
858
495
  "engine_version": "1.0.0.1120",
859
496
  "method": "blacklist",
860
- "result": null
497
+ "result": "HEUR/Malware.QVM03.Gen"
861
498
  },
862
499
  "Rising": {
863
- "category": "undetected",
500
+ "category": "malicious",
864
501
  "engine_name": "Rising",
865
- "engine_update": "20200902",
866
- "engine_version": "25.0.0.26",
502
+ "engine_update": "20191024",
503
+ "engine_version": "25.0.0.24",
867
504
  "method": "blacklist",
868
- "result": null
505
+ "result": "Backdoor.Fynloski!8.1FD (TFE:C:qcZJhR0LIuT)"
869
506
  },
870
507
  "SUPERAntiSpyware": {
871
- "category": "undetected",
508
+ "category": "malicious",
872
509
  "engine_name": "SUPERAntiSpyware",
873
- "engine_update": "20200828",
510
+ "engine_update": "20191019",
874
511
  "engine_version": "5.6.0.1032",
875
512
  "method": "blacklist",
876
- "result": null
877
- },
878
- "Sangfor": {
879
- "category": "undetected",
880
- "engine_name": "Sangfor",
881
- "engine_update": "20200814",
882
- "engine_version": "1.0",
883
- "method": "blacklist",
884
- "result": null
513
+ "result": "Trojan.Agent/Gen-Injector"
885
514
  },
886
515
  "SentinelOne": {
887
- "category": "type-unsupported",
516
+ "category": "malicious",
888
517
  "engine_name": "SentinelOne",
889
- "engine_update": "20200724",
890
- "engine_version": "4.4.0.0",
518
+ "engine_update": "20190807",
519
+ "engine_version": "1.0.31.22",
891
520
  "method": "blacklist",
892
- "result": null
521
+ "result": "DFI - Malicious PE"
893
522
  },
894
523
  "Sophos": {
895
- "category": "undetected",
524
+ "category": "malicious",
896
525
  "engine_name": "Sophos",
897
- "engine_update": "20200902",
526
+ "engine_update": "20191023",
898
527
  "engine_version": "4.98.0",
899
528
  "method": "blacklist",
900
- "result": null
529
+ "result": "Mal/Generic-S"
901
530
  },
902
531
  "Symantec": {
903
- "category": "undetected",
532
+ "category": "malicious",
904
533
  "engine_name": "Symantec",
905
- "engine_update": "20200902",
906
- "engine_version": "1.12.0.0",
534
+ "engine_update": "20191023",
535
+ "engine_version": "1.11.0.0",
907
536
  "method": "blacklist",
908
- "result": null
537
+ "result": "ML.Attribute.HighConfidence"
909
538
  },
910
539
  "SymantecMobileInsight": {
911
540
  "category": "type-unsupported",
912
541
  "engine_name": "SymantecMobileInsight",
913
- "engine_update": "20200813",
542
+ "engine_update": "20191023",
914
543
  "engine_version": "2.0",
915
544
  "method": "blacklist",
916
545
  "result": null
@@ -918,15 +547,15 @@ http_interactions:
918
547
  "TACHYON": {
919
548
  "category": "undetected",
920
549
  "engine_name": "TACHYON",
921
- "engine_update": "20200902",
922
- "engine_version": "2020-09-02.02",
550
+ "engine_update": "20191024",
551
+ "engine_version": "2019-10-24.01",
923
552
  "method": "blacklist",
924
553
  "result": null
925
554
  },
926
555
  "Tencent": {
927
556
  "category": "undetected",
928
557
  "engine_name": "Tencent",
929
- "engine_update": "20200902",
558
+ "engine_update": "20191024",
930
559
  "engine_version": "1.0.0.1",
931
560
  "method": "blacklist",
932
561
  "result": null
@@ -934,104 +563,104 @@ http_interactions:
934
563
  "TotalDefense": {
935
564
  "category": "undetected",
936
565
  "engine_name": "TotalDefense",
937
- "engine_update": "20200902",
566
+ "engine_update": "20191023",
938
567
  "engine_version": "37.1.62.1",
939
568
  "method": "blacklist",
940
569
  "result": null
941
570
  },
942
- "TrendMicro": {
571
+ "Trapmine": {
943
572
  "category": "undetected",
573
+ "engine_name": "Trapmine",
574
+ "engine_update": "20190826",
575
+ "engine_version": "3.1.81.800",
576
+ "method": "blacklist",
577
+ "result": null
578
+ },
579
+ "TrendMicro": {
580
+ "category": "malicious",
944
581
  "engine_name": "TrendMicro",
945
- "engine_update": "20200902",
582
+ "engine_update": "20191024",
946
583
  "engine_version": "11.0.0.1006",
947
584
  "method": "blacklist",
948
- "result": null
585
+ "result": "TROJ_GEN.R002C0CJJ19"
949
586
  },
950
587
  "TrendMicro-HouseCall": {
951
- "category": "undetected",
588
+ "category": "malicious",
952
589
  "engine_name": "TrendMicro-HouseCall",
953
- "engine_update": "20200902",
590
+ "engine_update": "20191024",
954
591
  "engine_version": "10.0.0.1040",
955
592
  "method": "blacklist",
956
- "result": null
593
+ "result": "TROJ_GEN.R002C0CJJ19"
957
594
  },
958
595
  "Trustlook": {
959
596
  "category": "type-unsupported",
960
597
  "engine_name": "Trustlook",
961
- "engine_update": "20200902",
598
+ "engine_update": "20191024",
962
599
  "engine_version": "1.0",
963
600
  "method": "blacklist",
964
601
  "result": null
965
602
  },
966
603
  "VBA32": {
967
- "category": "undetected",
604
+ "category": "malicious",
968
605
  "engine_name": "VBA32",
969
- "engine_update": "20200902",
970
- "engine_version": "4.4.1",
606
+ "engine_update": "20191023",
607
+ "engine_version": "4.2.0",
971
608
  "method": "blacklist",
972
- "result": null
609
+ "result": "Trojan.Stealer"
973
610
  },
974
611
  "VIPRE": {
975
- "category": "undetected",
612
+ "category": "malicious",
976
613
  "engine_name": "VIPRE",
977
- "engine_update": "20200902",
978
- "engine_version": "86384",
614
+ "engine_update": "20191024",
615
+ "engine_version": "78804",
979
616
  "method": "blacklist",
980
- "result": null
617
+ "result": "Trojan.Win32.Generic!BT"
981
618
  },
982
619
  "ViRobot": {
983
620
  "category": "undetected",
984
621
  "engine_name": "ViRobot",
985
- "engine_update": "20200902",
622
+ "engine_update": "20191023",
986
623
  "engine_version": "2014.3.20.0",
987
624
  "method": "blacklist",
988
625
  "result": null
989
626
  },
990
627
  "Webroot": {
991
- "category": "type-unsupported",
628
+ "category": "malicious",
992
629
  "engine_name": "Webroot",
993
- "engine_update": "20200902",
630
+ "engine_update": "20191024",
994
631
  "engine_version": "1.0.0.403",
995
632
  "method": "blacklist",
996
- "result": null
633
+ "result": "W32.Dropper.Gen"
997
634
  },
998
635
  "Yandex": {
999
- "category": "undetected",
636
+ "category": "malicious",
1000
637
  "engine_name": "Yandex",
1001
- "engine_update": "20200901",
638
+ "engine_update": "20191023",
1002
639
  "engine_version": "5.5.2.24",
1003
640
  "method": "blacklist",
1004
- "result": null
641
+ "result": "Trojan.Agent!V+Ry11PvhKQ"
1005
642
  },
1006
643
  "Zillya": {
1007
- "category": "undetected",
644
+ "category": "malicious",
1008
645
  "engine_name": "Zillya",
1009
- "engine_update": "20200901",
1010
- "engine_version": "2.0.0.4166",
646
+ "engine_update": "20191023",
647
+ "engine_version": "2.0.0.3931",
1011
648
  "method": "blacklist",
1012
- "result": null
649
+ "result": "Dropper.Injector.Win32.17840"
1013
650
  },
1014
651
  "ZoneAlarm": {
1015
- "category": "undetected",
652
+ "category": "malicious",
1016
653
  "engine_name": "ZoneAlarm",
1017
- "engine_update": "20200902",
654
+ "engine_update": "20191024",
1018
655
  "engine_version": "1.0",
1019
656
  "method": "blacklist",
1020
- "result": null
657
+ "result": "HEUR:Trojan.Win32.Generic"
1021
658
  },
1022
659
  "Zoner": {
1023
660
  "category": "undetected",
1024
661
  "engine_name": "Zoner",
1025
- "engine_update": "20200901",
1026
- "engine_version": "0.0.0.0",
1027
- "method": "blacklist",
1028
- "result": null
1029
- },
1030
- "eGambit": {
1031
- "category": "type-unsupported",
1032
- "engine_name": "eGambit",
1033
- "engine_update": "20200902",
1034
- "engine_version": null,
662
+ "engine_update": "20191021",
663
+ "engine_version": "1.0.0.1",
1035
664
  "method": "blacklist",
1036
665
  "result": null
1037
666
  }
@@ -1040,189 +669,177 @@ http_interactions:
1040
669
  "confirmed-timeout": 0,
1041
670
  "failure": 0,
1042
671
  "harmless": 0,
1043
- "malicious": 0,
672
+ "malicious": 57,
1044
673
  "suspicious": 0,
1045
674
  "timeout": 0,
1046
- "type-unsupported": 14,
1047
- "undetected": 59
675
+ "type-unsupported": 2,
676
+ "undetected": 13
1048
677
  },
1049
- "last_modification_date": 1599055327,
1050
- "last_submission_date": 1599045062,
1051
- "magic": "very short file (no magic)",
1052
- "md5": "68b329da9893e34099c7d8ad5cb9c940",
1053
- "meaningful_name": "standalone-framework.js",
678
+ "last_modification_date": 1591850641,
679
+ "last_submission_date": 1571482228,
680
+ "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly",
681
+ "md5": "e2a1373f5a0024b81742be35880f9422",
682
+ "meaningful_name": "WindowsApplication1.exe",
1054
683
  "names": [
1055
- "432894.js",
1056
- "logo_image.php",
1057
- "download-redtube-videos-de-2",
1058
- "index.html",
1059
- "missouri-payday-loans-online-2",
1060
- "real-hook-up-sites",
1061
- "wjrfwuxtcflts2gxbgddk0flt0n6a3vtwkrfshdqy1yrtfbcnnrksw5qa01ia243nm5wngxbsflyshzxrglawwvjzwfxdjv1z3z5qzzeyjrtq1hmcgpdvmy4ymy3cdd3rm95oudrmwjdq3bza1nmy3j2ylz5tzfrbddyddngtcs=",
1062
- "index.php",
1063
- "pjx",
1064
- "cecc",
1065
- "/var/www/clean-mx/virusesevidence/output.124266458.txt",
1066
- "lg.php",
1067
- "174e",
1068
- "SGF-1000-Fact-Sheet.pdf",
1069
- "mkbnetbankar.hu",
1070
- "playing",
1071
- "internet-brides-2",
1072
- "stanislav-kravcov",
1073
- "c+++dlls+in+labview",
1074
- "psa",
1075
- "rlz",
1076
- "12",
1077
- "onlineeduhelp",
1078
- "bms.exe",
1079
- "fs.html)",
1080
- "error_404.html",
1081
- "cbd-oildiscount-website",
1082
- "index.htm",
1083
- "20141106144718814148788.doc",
1084
- "education-school-tips",
1085
- "educational-innovation",
1086
- "camcrush-webcam-chat-rooms-2",
1087
- "bgclive-review-2",
1088
- "ARLConsulSetup.exe",
1089
- "OO",
1090
- "proceso.php",
1091
- "bJxzZMKUFX",
1092
- "edutrik",
1093
- "annotatedbibliography",
1094
- "/var/www/clean-mx/virusesevidence/output.124357766.txt",
1095
- "xkhqaghyIRApCdjid",
1096
- "classified-hookup-sites-2",
1097
- "excelz",
1098
- "6yFdvLUwfxM7PhxJHy",
1099
- "JMRGBOPS2DLCREVOLUTION",
1100
- "pornporn.online",
1101
- "wxYee",
1102
- "super-monopoly-money-slot-loophole",
1103
- "edutrics",
1104
- "pxre-ns-297",
1105
- "D0hEXxcZIagKUzDIp",
1106
- "sound_e",
1107
- "68b329da9893e34099c7d8ad5cb9c940.js",
1108
- "feature-03",
1109
- "smrd.htm",
1110
- "main05.php",
1111
- "main02.php",
1112
- "main01.php",
1113
- "MiqrGsUEOVy4ijhIX",
1114
- "location",
1115
- "getkey.php",
1116
- "/var/www/clean-mx/virusesevidence/output.124408803.txt",
1117
- "MainLink.do",
1118
- "q3FDOwcVQhXwwBhPvFZ",
1119
- "854a636e94caea74b94de7d70b432476.csv",
1120
- "edu",
1121
- "fzn",
1122
- "top-custom-writers",
1123
- "essaytips",
1124
- "KTU84Q)&v=3&latitude=0.0&longitude=0.0&um5=1d1c54240f4e8e173862433d29a52ca5&o1=e8ff46a1bde24167e4cc614c686c7b18b222de1f",
1125
- "tcr6atzyle9c_4o0v4h-495844678765",
1126
- "interracial-dating-central-dating-2",
1127
- "light_image",
1128
- "msg.jpg",
1129
- "false",
1130
- "gs10h51fg16p_oggx8swk2m",
1131
- "new-jersey-governor-signs-athletics-betting-42",
1132
- "before-you-are-left-behind-what-you-have-to-do-to",
1133
- "thinking-about-core-aspects-of-russiansbrides",
1134
- "almost-all-important-online-casino-companies",
1135
- "help-with-python-homework",
1136
- "paper-writing-tips",
1137
- "54805244615",
1138
- "database.txt",
1139
- "d0%EF%BF%BD%D0%BE%D0%BC%D0%BF%D0%B0%D0%BD%D0%B8%D1%8F:%D0%9C.%D0%92%D0%B8%D0%B4%D0%B5%D0%BE-%D0%AD%D0%BB%D1%8C%D0%B4%D0%BE%D1%80%D0%B0%D0%B4%D0%BE",
1140
- "m0uhxhf6tpgspmzi",
1141
- "analytics.php",
1142
- "stock",
1143
- "k.php",
1144
- "zLykJ-ETE7liAemnpIGW_qgDQuEJLY-Ye8",
1145
- "/var/www/clean-mx/virusesevidence/output.124529869.txt",
1146
- "dl.php",
1147
- "authorization.css",
1148
- "t.php",
1149
- "M9Spglia8HrDzf3DSr",
1150
- "777.freshteens.site",
1151
- "main03.php",
1152
- "404.html",
1153
- "20200808",
1154
- "test"
684
+ "%WINDIR%\\syswow64\\authcl.exe",
685
+ "WindowsApplication1.exe",
686
+ "myfile.exe",
687
+ "e2a1373f5a0024b81742be35880f9422",
688
+ "file-3634492_exe",
689
+ "c:/aa/aa",
690
+ "C:\\Nb0r\\BUYQCKY.vcf",
691
+ "C:\\fuAqk\\qfbN7B85\\bMrhSZ.tgz"
1155
692
  ],
1156
- "nsrl_info": {
1157
- "filenames": [
1158
- "NOOP.RULES, RESOLV.CONF",
1159
- "extralibs.ld",
1160
- "Recorder.bat, admin.passwd",
1161
- "EXTRALIB.LD, NOOP.RUL",
1162
- "CTX, HMETOPMG, NOOP.RUL, PMGRP, PMGSEG",
1163
- "DISK_1, DISK_2",
1164
- "disk_1, disk_2, disk_3",
1165
- "DUMMY.MPG",
1166
- "NNTPSERV, NOOP.RUL, UUCP_UC0.M4",
1167
- "BJC820",
1168
- "GSYSTAG.FON",
1169
- "AT.DEN, EXTRALIB.LD",
1170
- "EXTRALIBS.LD, GSYSTAG.FON",
1171
- "noop.rules",
1172
- "certify",
1173
- "master.admin.conf",
1174
- "EXTRALIB.LD",
1175
- "_relops_template.h, setupserver_UNIX_SOLSG.ini",
1176
- "PMGSEG",
1177
- "2040, 2040.dump, dat, pidfile"
693
+ "packers": {
694
+ "PEiD": ".NET executable"
695
+ },
696
+ "pe_info": {
697
+ "entry_point": 23518,
698
+ "imphash": "f34d5f2d4577ed6d9ceec516c1f5a744",
699
+ "import_list": [
700
+ {
701
+ "imported_functions": [
702
+ "_CorExeMain"
703
+ ],
704
+ "library_name": "mscoree.dll"
705
+ }
1178
706
  ],
1179
- "products": [
1180
- "Linux (Corel Corporation)",
1181
- "MySQL (NuSphere Corporation)",
1182
- "Tivoli Manager (Tivoli)",
1183
- "SunSolve (Sun Microsystems)",
1184
- "Solaris (Sun Microsystems)",
1185
- "Solaris Server (Sun Microsystems)",
1186
- "OmniSwitch MPM (Xylan Corporation)",
1187
- "Omni S/R MPX (Xylan Corporation)",
1188
- "Oracle Video Server (Oracle)",
1189
- "Linux Developers Resource (InfoMagic Inc.)",
1190
- "Ultra Pack (Sun Microsystems)",
1191
- "Windows 2000 Server Resource Kit (Microsoft)",
1192
- "Mac OS X (Apple Computer Inc.)",
1193
- "Platforms, Servers, Applications (Microsoft)",
1194
- "Applications, Platforms, Servers (Microsoft)",
1195
- "Red Hat Linux (Red Hat Software Inc.)",
1196
- "Windows XP (Microsoft)",
1197
- "Windows DDks (Microsoft)",
1198
- "Windows 2000 Versions (Microsoft)",
1199
- "Sun ONE Advantage Software (Sun Microsystems)"
1200
- ]
707
+ "machine_type": 332,
708
+ "overlay": {
709
+ "chi2": 1014207.75,
710
+ "entropy": 6.000185966491699,
711
+ "filetype": "ASCII text",
712
+ "md5": "c707031a565895f35e0ca2234fd707fc",
713
+ "offset": 20992,
714
+ "size": 337992
715
+ },
716
+ "resource_details": [
717
+ {
718
+ "chi2": 46193.4609375,
719
+ "entropy": 2.7141945362091064,
720
+ "filetype": "data",
721
+ "lang": "NEUTRAL",
722
+ "sha256": "7c5a5e79e83118e35690003b7af90edf66caea64b38e03bf65e555c49c3a5b31",
723
+ "type": "RT_ICON"
724
+ },
725
+ {
726
+ "chi2": 22977.515625,
727
+ "entropy": 2.536116123199463,
728
+ "filetype": "data",
729
+ "lang": "NEUTRAL",
730
+ "sha256": "bf763501e16f639d5223f88427789665cb0baa9af8877e2e83c65e16016ab8b1",
731
+ "type": "RT_ICON"
732
+ },
733
+ {
734
+ "chi2": 2285.05859375,
735
+ "entropy": 2.477025032043457,
736
+ "filetype": "data",
737
+ "lang": "NEUTRAL",
738
+ "sha256": "e5d571d7f26fa57c7e00290d0fa8aef8c1d519983e0aa5ecd75f5d4b41fa4cda",
739
+ "type": "RT_GROUP_ICON"
740
+ },
741
+ {
742
+ "chi2": 59830.9453125,
743
+ "entropy": 3.3242666721343994,
744
+ "filetype": "data",
745
+ "lang": "NEUTRAL",
746
+ "sha256": "5b181f966455046910c9c74bbcb492165632ea11500b046bef9a9cfbf8012c12",
747
+ "type": "RT_VERSION"
748
+ },
749
+ {
750
+ "chi2": 29694.9140625,
751
+ "entropy": 4.939681053161621,
752
+ "filetype": "data",
753
+ "lang": "NEUTRAL",
754
+ "sha256": "cc128d68001f9e550cb5a7f3b740f75fd55f1a51aded97193edc9ab8dd72c3f4",
755
+ "type": "RT_MANIFEST"
756
+ }
757
+ ],
758
+ "resource_langs": {
759
+ "NEUTRAL": 5
760
+ },
761
+ "resource_types": {
762
+ "RT_GROUP_ICON": 1,
763
+ "RT_ICON": 2,
764
+ "RT_MANIFEST": 1,
765
+ "RT_VERSION": 1
766
+ },
767
+ "sections": [
768
+ {
769
+ "entropy": 5.78,
770
+ "md5": "c561514eedc1858cdd530ff239b7dd54",
771
+ "name": ".text",
772
+ "raw_size": 15360,
773
+ "virtual_address": 8192,
774
+ "virtual_size": 15332
775
+ },
776
+ {
777
+ "entropy": 4.74,
778
+ "md5": "22ddefbb74b0ba2a9136d88159dc874a",
779
+ "name": ".rsrc",
780
+ "raw_size": 4608,
781
+ "virtual_address": 24576,
782
+ "virtual_size": 4432
783
+ },
784
+ {
785
+ "entropy": 0.08,
786
+ "md5": "7ad653a900bf1dc0a5927a51215d2ebe",
787
+ "name": ".reloc",
788
+ "raw_size": 512,
789
+ "virtual_address": 32768,
790
+ "virtual_size": 12
791
+ }
792
+ ],
793
+ "timestamp": 1330865387
1201
794
  },
1202
- "reputation": -539,
1203
- "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
795
+ "reputation": 0,
796
+ "sha1": "d5fe4a085524645eb895dfff34e96cf2d1e9657f",
1204
797
  "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
1205
- "size": 1,
1206
- "ssdeep": "3:v:v",
798
+ "signature_info": {
799
+ "copyright": "WindowsApplication1",
800
+ "description": " ",
801
+ "file version": "1.3.0.0",
802
+ "internal name": "WindowsApplication1.exe",
803
+ "original name": "WindowsApplication1.exe"
804
+ },
805
+ "size": 358984,
806
+ "ssdeep": "6144:94VnmIRuxqDVQ4UFM7H9fdLXC2s2ibVjhSTagxnpzI+cqrwkTlUH157veB:Kn6GQ48MDJ99TaMpzz7rwkTlUHXO",
1207
807
  "tags": [
1208
- "nsrl",
1209
- "attachment",
1210
- "trusted",
1211
- "via-tor"
808
+ "peexe",
809
+ "assembly",
810
+ "overlay"
1212
811
  ],
1213
- "times_submitted": 12306,
812
+ "times_submitted": 3,
1214
813
  "total_votes": {
1215
- "harmless": 32,
1216
- "malicious": 93
1217
- },
1218
- "trusted_verdict": {
1219
- "filename": "standalone-framework.js",
1220
- "generator": "Microsoft Corporation",
1221
- "organization": "Microsoft Corporation",
1222
- "verdict": "goodware"
814
+ "harmless": 0,
815
+ "malicious": 0
1223
816
  },
1224
- "type_description": "unknown",
1225
- "unique_sources": 964
817
+ "trid": [
818
+ {
819
+ "file_type": "Generic CIL Executable (.NET, Mono, etc.)",
820
+ "probability": 55.8
821
+ },
822
+ {
823
+ "file_type": "Win64 Executable (generic)",
824
+ "probability": 21.0
825
+ },
826
+ {
827
+ "file_type": "Windows screen saver",
828
+ "probability": 9.9
829
+ },
830
+ {
831
+ "file_type": "Win32 Dynamic Link Library (generic)",
832
+ "probability": 5.0
833
+ },
834
+ {
835
+ "file_type": "Win32 Executable (generic)",
836
+ "probability": 3.4
837
+ }
838
+ ],
839
+ "type_description": "Win32 EXE",
840
+ "type_tag": "peexe",
841
+ "unique_sources": 3,
842
+ "vhash": "235036555511507a1230050"
1226
843
  },
1227
844
  "id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
1228
845
  "links": {
@@ -1232,5 +849,5 @@ http_interactions:
1232
849
  }
1233
850
  }
1234
851
  http_version:
1235
- recorded_at: Wed, 02 Sep 2020 14:02:33 GMT
852
+ recorded_at: Tue, 29 Sep 2020 10:22:20 GMT
1236
853
  recorded_with: VCR 5.0.0