Experiment: Query checksum of downloaded files in VirusTotal #55

Open
Kreyren opened this issue Nov 25, 2019 · 1 comment

Kreyren commented Nov 25, 2019

VirusTotal (https://www.virustotal.com/) has a database of checksums that we may be able to fetch in winetricks to check executables prior to invoking them.

So this basically implements a fast anti-virus in winetricks if it works.

Kreyren added the labels help wanted (Extra attention is needed), P1 - Very important (The most important issues), PROJECT · Nov 25, 2019
Kreyren self-assigned this · Nov 25, 2019
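
A sketch of the check proposed above, as an added example that is not part of the issue or of winetricks: it hashes a downloaded file, looks the SHA-256 up through the v3 files endpoint quoted in the next comment, and reports `clean` only when engines actually ran and none flagged the file. The function names and the `VT_API_KEY` variable are assumptions, and the parser relies only on the `last_analysis_stats` field names visible in that response.

```shell
#!/bin/sh
# Added example (not winetricks code). Endpoint, x-apikey header and the
# last_analysis_stats field names come from the comment below; the function
# names and the VT_API_KEY environment variable are assumptions.

# Print the SHA-256 of a file as hex (reads via stdin so odd file names
# cannot change the output format).
vt_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# Succeed only if $1 is exactly 64 hex digits, so nothing else reaches the URL.
vt_is_sha256() {
    case $1 in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Read an API response on stdin and print the integer stored under key $1
# inside "last_analysis_stats" (prints nothing if the object is absent).
# Works on pretty-printed and compact JSON; keys outside that object are ignored.
vt_stat() {
    tr '{,' '\n\n' | awk -v key="\"$1\"" '
        /"last_analysis_stats"[ \t]*:/ { in_stats = 1; next }
        in_stats && index($0, key) {
            sub(/.*:/, ""); gsub(/[^0-9]/, ""); print; exit
        }
        in_stats && /}/ { exit }
    '
}

# Read an API response on stdin and print one verdict:
#   flagged  at least one engine reported malicious or suspicious
#   clean    engines produced verdicts and none flagged the file
#   unknown  no usable analysis (hash not in the database, error body,
#            or no engine returned a verdict)
vt_verdict() {
    vt_body=$(cat)
    vt_mal=$(printf '%s\n' "$vt_body" | vt_stat malicious)
    vt_sus=$(printf '%s\n' "$vt_body" | vt_stat suspicious)
    vt_und=$(printf '%s\n' "$vt_body" | vt_stat undetected)
    vt_har=$(printf '%s\n' "$vt_body" | vt_stat harmless)
    if [ -z "$vt_mal" ] || [ -z "$vt_sus" ]; then
        echo unknown
    elif [ $((vt_mal + vt_sus)) -gt 0 ]; then
        echo flagged
    elif [ $(( ${vt_und:-0} + ${vt_har:-0} )) -gt 0 ]; then
        echo clean
    else
        echo unknown
    fi
}

# Fetch the file object for a hash. The key is fed to curl through a config
# read from stdin, so it does not appear in the process list or shell history.
vt_lookup() {
    printf 'header = "x-apikey: %s"\n' "$VT_API_KEY" |
        curl --silent --show-error --max-time 30 --config - \
             "https://www.virustotal.com/api/v3/files/$1"
}

# Exit status: 0 clean, 1 flagged, 2 unknown (caller decides; never "safe").
vt_gate() {
    vt_hash=$(vt_sha256 "$1")
    vt_is_sha256 "$vt_hash" || { echo "cannot hash $1" >&2; return 2; }
    [ -n "${VT_API_KEY:-}" ] || { echo "VT_API_KEY is not set" >&2; return 2; }
    case $(vt_lookup "$vt_hash" | vt_verdict) in
        clean)   return 0 ;;
        flagged) echo "VirusTotal engines flag $1 ($vt_hash)" >&2; return 1 ;;
        *)       echo "no VirusTotal verdict for $1" >&2; return 2 ;;
    esac
}
```

A hash lookup only reports what the engines said at `last_analysis_date`, so `clean` means "not flagged so far" and does not replace pinning the expected checksum of each download.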

Kreyren commented Nov 25, 2019

Works like a charm, we even get lots of helpful info about the file:

kreyren@dreamon:~$ curl --request GET --url https://www.virustotal.com/api/v3/files/f0696bc98bf69a953554104b22e5a4d610dbfb344654c3e729a2851acc12c24e --header 'x-apikey: 2ad9c6c2d0dc50881aa6f08af9f74696ef1fe9a24ad16e7632a6c241d33d8d94'
{
    "data": {
        "attributes": {
            "authentihash": "f520debee79ac2ebd7a128744fc02d8b5eaf64529477457886b0429f38adb2e9",
            "creation_date": 1550185518,
            "exiftool": {
                "CharacterSet": "Unicode",
                "CodeSize": 2916352,
                "CompanyName": "Blizzard Entertainment",
                "EntryPoint": "0x1385f3",
                "FileDescription": "Battle.net Setup",
                "FileFlagsMask": "0x003f",
                "FileOS": "Win32",
                "FileSubtype": 0,
                "FileType": "Win32 EXE",
                "FileTypeExtension": "exe",
                "FileVersion": "1.16.3.2988",
                "FileVersionNumber": "1.16.3.2988",
                "ImageFileCharacteristics": "Executable, 32-bit",
                "ImageVersion": 0.0,
                "InitializedDataSize": 1975296,
                "InternalName": "Battle.net Setup",
                "LanguageCode": "Neutral",
                "LegalCopyright": "   2005-2019 Blizzard Entertainment Inc.",
                "LinkerVersion": 14.15,
                "MIMEType": "application/octet-stream",
                "MachineType": "Intel 386 or later, and compatibles",
                "OSVersion": 6.0,
                "ObjectFileType": "Executable application",
                "OriginalFileName": "Battle.net-Setup.exe",
                "PEType": "PE32",
                "ProductName": "Battle.net Setup",
                "ProductVersion": "1.16.3.2988",
                "ProductVersionNumber": "1.16.3.2988",
                "Subsystem": "Windows GUI",
                "SubsystemVersion": 6.0,
                "TimeStamp": "2019:02:15 00:05:18+01:00",
                "UninitializedDataSize": 0
            },
            "first_submission_date": 1574705971,
            "last_analysis_date": 1574705971,
            "last_analysis_results": {
                "ALYac": {
                    "category": "undetected",
                    "engine_name": "ALYac",
                    "engine_update": "20191125",
                    "engine_version": "1.1.1.5",
                    "method": "blacklist",
                    "result": null
                },
                "APEX": {
                    "category": "undetected",
                    "engine_name": "APEX",
                    "engine_update": "20191125",
                    "engine_version": "5.89",
                    "method": "blacklist",
                    "result": null
                },
                "AVG": {
                    "category": "undetected",
                    "engine_name": "AVG",
                    "engine_update": "20191125",
                    "engine_version": "18.4.3895.0",
                    "method": "blacklist",
                    "result": null
                },
                "Acronis": {
                    "category": "undetected",
                    "engine_name": "Acronis",
                    "engine_update": "20191122",
                    "engine_version": "1.1.1.58",
                    "method": "blacklist",
                    "result": null
                },
                "Ad-Aware": {
                    "category": "undetected",
                    "engine_name": "Ad-Aware",
                    "engine_update": "20191125",
                    "engine_version": "3.0.5.370",
                    "method": "blacklist",
                    "result": null
                },
                "AegisLab": {
                    "category": "undetected",
                    "engine_name": "AegisLab",
                    "engine_update": "20191125",
                    "engine_version": "4.2",
                    "method": "blacklist",
                    "result": null
                },
                "AhnLab-V3": {
                    "category": "undetected",
                    "engine_name": "AhnLab-V3",
                    "engine_update": "20191125",
                    "engine_version": "3.16.5.25880",
                    "method": "blacklist",
                    "result": null
                },
                "Alibaba": {
                    "category": "undetected",
                    "engine_name": "Alibaba",
                    "engine_update": "20190527",
                    "engine_version": "0.3.0.5",
                    "method": "blacklist",
                    "result": null
                },
                "Arcabit": {
                    "category": "undetected",
                    "engine_name": "Arcabit",
                    "engine_update": "20191125",
                    "engine_version": "1.0.0.865",
                    "method": "blacklist",
                    "result": null
                },
                "Avast": {
                    "category": "undetected",
                    "engine_name": "Avast",
                    "engine_update": "20191125",
                    "engine_version": "18.4.3895.0",
                    "method": "blacklist",
                    "result": null
                },
                "Avast-Mobile": {
                    "category": "undetected",
                    "engine_name": "Avast-Mobile",
                    "engine_update": "20191125",
                    "engine_version": "191125-00",
                    "method": "blacklist",
                    "result": null
                },
                "Avira": {
                    "category": "undetected",
                    "engine_name": "Avira",
                    "engine_update": "20191125",
                    "engine_version": "8.3.3.8",
                    "method": "blacklist",
                    "result": null
                },
                "Baidu": {
                    "category": "undetected",
                    "engine_name": "Baidu",
                    "engine_update": "20190318",
                    "engine_version": "1.0.0.2",
                    "method": "blacklist",
                    "result": null
                },
                "BitDefender": {
                    "category": "undetected",
                    "engine_name": "BitDefender",
                    "engine_update": "20191125",
                    "engine_version": "7.2",
                    "method": "blacklist",
                    "result": null
                },
                "BitDefenderTheta": {
                    "category": "undetected",
                    "engine_name": "BitDefenderTheta",
                    "engine_update": "20191125",
                    "engine_version": "7.2.37796.0",
                    "method": "blacklist",
                    "result": null
                },
                "Bkav": {
                    "category": "timeout",
                    "engine_name": "Bkav",
                    "engine_update": "20191125",
                    "engine_version": "1.3.0.9899",
                    "method": "blacklist",
                    "result": null
                },
                "CAT-QuickHeal": {
                    "category": "undetected",
                    "engine_name": "CAT-QuickHeal",
                    "engine_update": "20191125",
                    "engine_version": "14.00",
                    "method": "blacklist",
                    "result": null
                },
                "CMC": {
                    "category": "undetected",
                    "engine_name": "CMC",
                    "engine_update": "20190321",
                    "engine_version": "1.1.0.977",
                    "method": "blacklist",
                    "result": null
                },
                "ClamAV": {
                    "category": "undetected",
                    "engine_name": "ClamAV",
                    "engine_update": "20191125",
                    "engine_version": "0.102.1.0",
                    "method": "blacklist",
                    "result": null
                },
                "Comodo": {
                    "category": "undetected",
                    "engine_name": "Comodo",
                    "engine_update": "20191125",
                    "engine_version": "31765",
                    "method": "blacklist",
                    "result": null
                },
                "CrowdStrike": {
                    "category": "undetected",
                    "engine_name": "CrowdStrike",
                    "engine_update": "20190702",
                    "engine_version": "1.0",
                    "method": "blacklist",
                    "result": null
                },
                "Cybereason": {
                    "category": "undetected",
                    "engine_name": "Cybereason",
                    "engine_update": "20190616",
                    "engine_version": "1.2.449",
                    "method": "blacklist",
                    "result": null
                },
                "Cylance": {
                    "category": "undetected",
                    "engine_name": "Cylance",
                    "engine_update": "20191125",
                    "engine_version": "2.3.1.101",
                    "method": "blacklist",
                    "result": null
                },
                "Cyren": {
                    "category": "undetected",
                    "engine_name": "Cyren",
                    "engine_update": "20191125",
                    "engine_version": "6.2.2.2",
                    "method": "blacklist",
                    "result": null
                },
                "DrWeb": {
                    "category": "undetected",
                    "engine_name": "DrWeb",
                    "engine_update": "20191125",
                    "engine_version": "7.0.42.9300",
                    "method": "blacklist",
                    "result": null
                },
                "ESET-NOD32": {
                    "category": "undetected",
                    "engine_name": "ESET-NOD32",
                    "engine_update": "20191125",
                    "engine_version": "20406",
                    "method": "blacklist",
                    "result": null
                },
                "Emsisoft": {
                    "category": "undetected",
                    "engine_name": "Emsisoft",
                    "engine_update": "20191031",
                    "engine_version": "2018.12.0.1641",
                    "method": "blacklist",
                    "result": null
                },
                "Endgame": {
                    "category": "undetected",
                    "engine_name": "Endgame",
                    "engine_update": "20190918",
                    "engine_version": "3.0.15",
                    "method": "blacklist",
                    "result": null
                },
                "F-Prot": {
                    "category": "undetected",
                    "engine_name": "F-Prot",
                    "engine_update": "20191125",
                    "engine_version": "4.7.1.166",
                    "method": "blacklist",
                    "result": null
                },
                "F-Secure": {
                    "category": "undetected",
                    "engine_name": "F-Secure",
                    "engine_update": "20191125",
                    "engine_version": "12.0.86.52",
                    "method": "blacklist",
                    "result": null
                },
                "FireEye": {
                    "category": "undetected",
                    "engine_name": "FireEye",
                    "engine_update": "20191125",
                    "engine_version": "29.7.0.0",
                    "method": "blacklist",
                    "result": null
                },
                "Fortinet": {
                    "category": "undetected",
                    "engine_name": "Fortinet",
                    "engine_update": "20191125",
                    "engine_version": "6.2.137.0",
                    "method": "blacklist",
                    "result": null
                },
                "GData": {
                    "category": "undetected",
                    "engine_name": "GData",
                    "engine_update": "20191125",
                    "engine_version": "A:25.24095B:26.16774",
                    "method": "blacklist",
                    "result": null
                },
                "Ikarus": {
                    "category": "undetected",
                    "engine_name": "Ikarus",
                    "engine_update": "20191125",
                    "engine_version": "0.1.5.2",
                    "method": "blacklist",
                    "result": null
                },
                "Invincea": {
                    "category": "undetected",
                    "engine_name": "Invincea",
                    "engine_update": "20190904",
                    "engine_version": "6.3.6.26157",
                    "method": "blacklist",
                    "result": null
                },
                "Jiangmin": {
                    "category": "undetected",
                    "engine_name": "Jiangmin",
                    "engine_update": "20191125",
                    "engine_version": "16.0.100",
                    "method": "blacklist",
                    "result": null
                },
                "K7AntiVirus": {
                    "category": "undetected",
                    "engine_name": "K7AntiVirus",
                    "engine_update": "20191125",
                    "engine_version": "11.80.32635",
                    "method": "blacklist",
                    "result": null
                },
                "K7GW": {
                    "category": "undetected",
                    "engine_name": "K7GW",
                    "engine_update": "20191125",
                    "engine_version": "11.80.32636",
                    "method": "blacklist",
                    "result": null
                },
                "Kaspersky": {
                    "category": "undetected",
                    "engine_name": "Kaspersky",
                    "engine_update": "20191125",
                    "engine_version": "15.0.1.13",
                    "method": "blacklist",
                    "result": null
                },
                "Kingsoft": {
                    "category": "undetected",
                    "engine_name": "Kingsoft",
                    "engine_update": "20191125",
                    "engine_version": "2013.8.14.323",
                    "method": "blacklist",
                    "result": null
                },
                "MAX": {
                    "category": "undetected",
                    "engine_name": "MAX",
                    "engine_update": "20191125",
                    "engine_version": "2019.9.16.1",
                    "method": "blacklist",
                    "result": null
                },
                "Malwarebytes": {
                    "category": "undetected",
                    "engine_name": "Malwarebytes",
                    "engine_update": "20191125",
                    "engine_version": "2.1.1.1115",
                    "method": "blacklist",
                    "result": null
                },
                "MaxSecure": {
                    "category": "undetected",
                    "engine_name": "MaxSecure",
                    "engine_update": "20191123",
                    "engine_version": "1.0.0.1",
                    "method": "blacklist",
                    "result": null
                },
                "McAfee": {
                    "category": "undetected",
                    "engine_name": "McAfee",
                    "engine_update": "20191125",
                    "engine_version": "6.0.6.653",
                    "method": "blacklist",
                    "result": null
                },
                "McAfee-GW-Edition": {
                    "category": "undetected",
                    "engine_name": "McAfee-GW-Edition",
                    "engine_update": "20191125",
                    "engine_version": "v2017.3010",
                    "method": "blacklist",
                    "result": null
                },
                "MicroWorld-eScan": {
                    "category": "undetected",
                    "engine_name": "MicroWorld-eScan",
                    "engine_update": "20191125",
                    "engine_version": "14.0.297.0",
                    "method": "blacklist",
                    "result": null
                },
                "Microsoft": {
                    "category": "undetected",
                    "engine_name": "Microsoft",
                    "engine_update": "20191125",
                    "engine_version": "1.1.16500.1",
                    "method": "blacklist",
                    "result": null
                },
                "NANO-Antivirus": {
                    "category": "undetected",
                    "engine_name": "NANO-Antivirus",
                    "engine_update": "20191125",
                    "engine_version": "1.0.134.24859",
                    "method": "blacklist",
                    "result": null
                },
                "Paloalto": {
                    "category": "undetected",
                    "engine_name": "Paloalto",
                    "engine_update": "20191125",
                    "engine_version": "1.0",
                    "method": "blacklist",
                    "result": null
                },
                "Panda": {
                    "category": "undetected",
                    "engine_name": "Panda",
                    "engine_update": "20191125",
                    "engine_version": "4.6.4.2",
                    "method": "blacklist",
                    "result": null
                },
                "Qihoo-360": {
                    "category": "undetected",
                    "engine_name": "Qihoo-360",
                    "engine_update": "20191125",
                    "engine_version": "1.0.0.1120",
                    "method": "blacklist",
                    "result": null
                },
                "Rising": {
                    "category": "undetected",
                    "engine_name": "Rising",
                    "engine_update": "20191125",
                    "engine_version": "25.0.0.24",
                    "method": "blacklist",
                    "result": null
                },
                "SUPERAntiSpyware": {
                    "category": "undetected",
                    "engine_name": "SUPERAntiSpyware",
                    "engine_update": "20191122",
                    "engine_version": "5.6.0.1032",
                    "method": "blacklist",
                    "result": null
                },
                "SentinelOne": {
                    "category": "undetected",
                    "engine_name": "SentinelOne",
                    "engine_update": "20191118",
                    "engine_version": "1.11.0.53",
                    "method": "blacklist",
                    "result": null
                },
                "Sophos": {
                    "category": "undetected",
                    "engine_name": "Sophos",
                    "engine_update": "20191125",
                    "engine_version": "4.98.0",
                    "method": "blacklist",
                    "result": null
                },
                "Symantec": {
                    "category": "undetected",
                    "engine_name": "Symantec",
                    "engine_update": "20191125",
                    "engine_version": "1.11.0.0",
                    "method": "blacklist",
                    "result": null
                },
                "SymantecMobileInsight": {
                    "category": "type-unsupported",
                    "engine_name": "SymantecMobileInsight",
                    "engine_update": "20191030",
                    "engine_version": "2.0",
                    "method": "blacklist",
                    "result": null
                },
                "TACHYON": {
                    "category": "undetected",
                    "engine_name": "TACHYON",
                    "engine_update": "20191125",
                    "engine_version": "2019-11-25.02",
                    "method": "blacklist",
                    "result": null
                },
                "Tencent": {
                    "category": "undetected",
                    "engine_name": "Tencent",
                    "engine_update": "20191125",
                    "engine_version": "1.0.0.1",
                    "method": "blacklist",
                    "result": null
                },
                "Trapmine": {
                    "category": "undetected",
                    "engine_name": "Trapmine",
                    "engine_update": "20190826",
                    "engine_version": "3.1.81.800",
                    "method": "blacklist",
                    "result": null
                },
                "TrendMicro": {
                    "category": "undetected",
                    "engine_name": "TrendMicro",
                    "engine_update": "20191125",
                    "engine_version": "11.0.0.1006",
                    "method": "blacklist",
                    "result": null
                },
                "TrendMicro-HouseCall": {
                    "category": "undetected",
                    "engine_name": "TrendMicro-HouseCall",
                    "engine_update": "20191125",
                    "engine_version": "10.0.0.1040",
                    "method": "blacklist",
                    "result": null
                },
                "Trustlook": {
                    "category": "type-unsupported",
                    "engine_name": "Trustlook",
                    "engine_update": "20191125",
                    "engine_version": "1.0",
                    "method": "blacklist",
                    "result": null
                },
                "VBA32": {
                    "category": "undetected",
                    "engine_name": "VBA32",
                    "engine_update": "20191125",
                    "engine_version": "4.2.0",
                    "method": "blacklist",
                    "result": null
                },
                "VIPRE": {
                    "category": "undetected",
                    "engine_name": "VIPRE",
                    "engine_update": "20191125",
                    "engine_version": "79588",
                    "method": "blacklist",
                    "result": null
                },
                "ViRobot": {
                    "category": "undetected",
                    "engine_name": "ViRobot",
                    "engine_update": "20191125",
                    "engine_version": "2014.3.20.0",
                    "method": "blacklist",
                    "result": null
                },
                "Webroot": {
                    "category": "undetected",
                    "engine_name": "Webroot",
                    "engine_update": "20191125",
                    "engine_version": "1.0.0.403",
                    "method": "blacklist",
                    "result": null
                },
                "Yandex": {
                    "category": "undetected",
                    "engine_name": "Yandex",
                    "engine_update": "20191121",
                    "engine_version": "5.5.2.24",
                    "method": "blacklist",
                    "result": null
                },
                "Zillya": {
                    "category": "undetected",
                    "engine_name": "Zillya",
                    "engine_update": "20191125",
                    "engine_version": "2.0.0.3959",
                    "method": "blacklist",
                    "result": null
                },
                "ZoneAlarm": {
                    "category": "undetected",
                    "engine_name": "ZoneAlarm",
                    "engine_update": "20191125",
                    "engine_version": "1.0",
                    "method": "blacklist",
                    "result": null
                },
                "Zoner": {
                    "category": "undetected",
                    "engine_name": "Zoner",
                    "engine_update": "20191125",
                    "engine_version": "1.0.0.1",
                    "method": "blacklist",
                    "result": null
                }
            },
            "last_analysis_stats": {
                "failure": 0,
                "harmless": 0,
                "malicious": 0,
                "suspicious": 0,
                "timeout": 1,
                "type-unsupported": 2,
                "undetected": 68
            },
            "last_modification_date": 1574706128,
            "last_submission_date": 1574705971,
            "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
            "md5": "03a751004c1952962ce8c0f38fb622c4",
            "meaningful_name": "Battle.net-Setup.exe",
            "names": [
                "Battle.net-Setup.exe",
                "Battle.net Setup"
            ],
            "pe_info": {
                "entry_point": 1279475,
                "imphash": "f386848a3162c60899249477d9ce1222",
                "imports": {
                    "ADVAPI32.dll": [
                        "CryptDestroyKey",
                        "RegCloseKey",
                        "DuplicateToken",
                        "RegQueryValueExA",
                        "AccessCheck",
                        "CryptSetHashParam",
                        "OpenServiceW",
                        "QueryServiceConfigW",
                        "CryptEncrypt",
                        "LookupPrivilegeValueW",
                        "RegCreateKeyExA",
                        "OpenThreadToken",
                        "CryptHashData",
                        "ConvertSidToStringSidA",
                        "RegQueryValueExW",
                        "CryptImportKey",
                        "CryptCreateHash",
                        "CloseServiceHandle",
                        "GetFileSecurityW",
                        "ConvertStringSecurityDescriptorToSecurityDescriptorW",
                        "OpenProcessToken",
                        "DeregisterEventSource",
                        "GetUserNameW",
                        "RegGetValueW",
                        "RegisterEventSourceA",
                        "RegOpenKeyExA",
                        "GetTokenInformation",
                        "DuplicateTokenEx",
                        "CryptReleaseContext",
                        "CryptAcquireContextA",
                        "GetNamedSecurityInfoW",
                        "CryptGenRandom",
                        "CryptAcquireContextW",
                        "CryptDecrypt",
                        "CryptGetProvParam",
                        "CryptDestroyHash",
                        "MapGenericMask",
                        "AdjustTokenPrivileges",
                        "CryptGetUserKey",
                        "SetEntriesInAclW",
                        "RegSetValueExW",
                        "ConvertSecurityDescriptorToStringSecurityDescriptorW",
                        "CryptGetHashParam",
                        "OpenSCManagerW",
                        "CryptExportKey",
                        "AllocateAndInitializeSid",
                        "RegSetValueExA",
                        "CryptEnumProvidersA",
                        "RegDeleteValueA",
                        "ReportEventA",
                        "SetNamedSecurityInfoW",
                        "CryptSignHashA",
                        "BuildTrusteeWithSidW"
                    ],
                    "CRYPT32.dll": [
                        "CertEnumCertificatesInStore",
                        "CertGetNameStringA",
                        "CryptStringToBinaryA",
                        "CertGetCertificateContextProperty",
                        "CertFreeCertificateChainEngine",
                        "CertFreeCertificateContext",
                        "CertCloseStore",
                        "CryptQueryObject",
                        "CertDuplicateCertificateContext",
                        "CertAddCertificateContextToStore",
                        "CertFindCertificateInStore",
                        "CertFreeCertificateChain",
                        "CryptMsgClose",
                        "CertGetCertificateChain",
                        "CertCreateCertificateChainEngine",
                        "CertOpenStore",
                        "CertGetNameStringW",
                        "CryptMsgGetParam"
                    ]
                },
                "machine_type": 332,
                "overlay": {
                    "chi2": 400545.46875,
                    "entropy": 5.426848411560059,
                    "filetype": "data",
                    "md5": "8b94c478dcb5bc068bb7d3497fa120e2",
                    "offset": 4892672,
                    "size": 10224
                },
                "resource_details": [
                ],
                "resource_langs": {
                    "ENGLISH US": 1,
                    "NEUTRAL": 45
                },
                "resource_types": {
                    "FONT": 1,
                    "JSON": 6,
                    "PNG": 28,
                    "RT_GROUP_ICON": 1,
                    "RT_ICON": 7,
                    "RT_MANIFEST": 1,
                    "RT_VERSION": 1,
                    "STRINGS": 1
                },
                "sections": [
                    {
                        "entropy": 6.7,
                        "md5": "84645d32630567fd9815d6086df0c297",
                        "name": ".text",
                        "raw_size": 2916352,
                        "virtual_address": 4096,
                        "virtual_size": 2916172
                    },
                    {
                        "entropy": 6.07,
                        "md5": "36b0c153aabc4656bbcfafdea737a2b6",
                        "name": ".rdata",
                        "raw_size": 1166848,
                        "virtual_address": 2920448,
                        "virtual_size": 1166534
                    },
                    {
                        "entropy": 5.08,
                        "md5": "697e6958d228f505915a91a6fd11cf6d",
                        "name": ".data",
                        "raw_size": 108544,
                        "virtual_address": 4087808,
                        "virtual_size": 487796
                    },
                    {
                        "entropy": 7.22,
                        "md5": "5853e95bc7e6a73e24a63026f194fa0e",
                        "name": ".rsrc",
                        "raw_size": 540672,
                        "virtual_address": 4579328,
                        "virtual_size": 540264
                    },
                    {
                        "entropy": 6.62,
                        "md5": "07449426cd5c953ac9432745b7cba1c7",
                        "name": ".reloc",
                        "raw_size": 159232,
                        "virtual_address": 5120000,
                        "virtual_size": 158732
                    }
                ],
                "timestamp": 1550185518
            },
            "reputation": 0,
            "sha1": "ec59db5a866bf77662680f091979d1f60a8e960b",
            "sha256": "f0696bc98bf69a953554104b22e5a4d610dbfb344654c3e729a2851acc12c24e",
            "signature_info": {
                "copyright": "\u00a9 2005-2019 Blizzard Entertainment Inc.",
                "counter signers": "Symantec Time Stamping Services Signer - G4; Symantec Time Stamping Services CA - G2; Thawte Timestamping CA",
                "counter signers details": [
                    {
                        "algorithm": "sha1RSA",
                        "cert issuer": "Symantec Time Stamping Services CA - G2",
                        "name": "Symantec Time Stamping Services Signer - G4",
                        "serial number": "0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50",
                        "status": "Valid",
                        "thumbprint": "65439929B67973EB192D6FF243E6767ADF0834E4",
                        "valid from": "12:00 AM 10/18/2012",
                        "valid to": "11:59 PM 12/29/2020",
                        "valid usage": "Timestamp Signing"
                    },
                    {
                        "algorithm": "sha1RSA",
                        "cert issuer": "Thawte Timestamping CA",
                        "name": "Symantec Time Stamping Services CA - G2",
                        "serial number": "7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B",
                        "status": "Valid",
                        "thumbprint": "6C07453FFDDA08B83707C09B82FB3D15F35336B1",
                        "valid from": "12:00 AM 12/21/2012",
                        "valid to": "11:59 PM 12/30/2020",
                        "valid usage": "Timestamp Signing"
                    },
                    {
                        "algorithm": "md5RSA",
                        "cert issuer": "Thawte Timestamping CA",
                        "name": "Thawte Timestamping CA",
                        "serial number": "00",
                        "status": "Valid",
                        "thumbprint": "BE36A4562FB2EE05DBB3D32323ADF445084ED656",
                        "valid from": "12:00 AM 01/01/1997",
                        "valid to": "11:59 PM 12/31/2020",
                        "valid usage": "Timestamp Signing"
                    }
                ],
                "description": "Battle.net Setup",
                "file version": "1.16.3.2988",
                "internal name": "Battle.net Setup",
                "original name": "Battle.net-Setup.exe",
                "product": "Battle.net Setup",
                "signers": "Blizzard Entertainment, Inc.; DigiCert SHA2 Assured ID Code Signing CA; DigiCert",
                "signers details": [
                    {
                        "algorithm": "sha256RSA",
                        "cert issuer": "DigiCert SHA2 Assured ID Code Signing CA",
                        "name": "Blizzard Entertainment, Inc.",
                        "serial number": "04 43 B5 67 BF FB AA 3B C0 83 FE 45 A4 6D D0 41",
                        "status": "Valid",
                        "thumbprint": "D3722C638DB40E9045B4380348D6AE8AE0A417D8",
                        "valid from": "12:00 AM 01/18/2018",
                        "valid to": "12:00 PM 01/22/2021",
                        "valid usage": "Code Signing"
                    },
                    {
                        "algorithm": "sha256RSA",
                        "cert issuer": "DigiCert Assured ID Root CA",
                        "name": "DigiCert SHA2 Assured ID Code Signing CA",
                        "serial number": "04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08",
                        "status": "Valid",
                        "thumbprint": "92C1588E85AF2201CE7915E8538B492F605B80C6",
                        "valid from": "12:00 PM 10/22/2013",
                        "valid to": "12:00 PM 10/22/2028",
                        "valid usage": "Code Signing"
                    },
                    {
                        "algorithm": "sha1RSA",
                        "cert issuer": "DigiCert Assured ID Root CA",
                        "name": "DigiCert",
                        "serial number": "0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39",
                        "status": "Valid",
                        "thumbprint": "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43",
                        "valid from": "12:00 AM 11/10/2006",
                        "valid to": "12:00 AM 11/10/2031",
                        "valid usage": "Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing"
                    }
                ],
                "signing date": "12:06 AM 2/15/2019",
                "verified": "Signed",
                "x509": [
                    {
                        "algorithm": "sha1RSA",
                        "cert issuer": "Thawte Timestamping CA",
                        "name": "Symantec Time Stamping Services CA - G2",
                        "serial number": "7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B",
                        "thumbprint": "6C07453FFDDA08B83707C09B82FB3D15F35336B1",
                        "valid from": "12:00 AM 12/21/2012",
                        "valid to": "11:59 PM 12/30/2020",
                        "valid_usage": "Timestamp Signing"
                    },
                    {
                        "algorithm": "sha1RSA",
                        "cert issuer": "Symantec Time Stamping Services CA - G2",
                        "name": "Symantec Time Stamping Services Signer - G4",
                        "serial number": "EC FF 43 8C 8F EB F3 56 E0 4D 86 A9 81 B1 A5 0",
                        "thumbprint": "65439929B67973EB192D6FF243E6767ADF0834E4",
                        "valid from": "12:00 AM 10/18/2012",
                        "valid to": "11:59 PM 12/29/2020",
                        "valid_usage": "ff"
                    },
                    {
                        "algorithm": "sha256RSA",
                        "cert issuer": "DigiCert Assured ID Root CA",
                        "name": "DigiCert SHA2 Assured ID Code Signing CA",
                        "serial number": "40 91 81 B5 FD 5B B6 67 55 34 3B 56 F9 55 00 8",
                        "thumbprint": "92C1588E85AF2201CE7915E8538B492F605B80C6",
                        "valid from": "12:00 PM 10/22/2013",
                        "valid to": "12:00 PM 10/22/2028",
                        "valid_usage": "Code Signing"
                    },
                    {
                        "algorithm": "sha256RSA",
                        "cert issuer": "DigiCert SHA2 Assured ID Code Signing CA",
                        "name": "Blizzard Entertainment, Inc.",
                        "serial number": "44 3B 56 7B FF BA A3 BC 08 3F E4 5A 46 DD 04 1",
                        "thumbprint": "D3722C638DB40E9045B4380348D6AE8AE0A417D8",
                        "valid from": "12:00 AM 1/18/2018",
                        "valid to": "12:00 PM 1/22/2021",
                        "valid_usage": "Code Signing"
                    }
                ]
            },
            "size": 4902896,
            "ssdeep": "98304:zhd3ga/+fpF5bAeDlMcXVFmpJE5qZ03wRtX:zhdv+f5bRmP4q2wtX",
            "tags": [
                "peexe",
                "signed",
                "overlay",
                "detect-debug-environment",
                "runtime-modules"
            ],
            "times_submitted": 1,
            "total_votes": {
                "harmless": 0,
                "malicious": 0
            },
            "trid": [
                {
                    "file_type": "Windows Control Panel Item (generic)",
                    "probability": 76.6
                },
                {
                    "file_type": "Win64 Executable (generic)",
                    "probability": 10.7
                },
                {
                    "file_type": "Obfuscated subsetted Font",
                    "probability": 8.5
                },
                {
                    "file_type": "Win32 Executable (generic)",
                    "probability": 1.7
                },
                {
                    "file_type": "OS/2 Executable (generic)",
                    "probability": 0.7
                }
            ],
            "type_description": "Win32 EXE",
            "type_tag": "peexe",
            "unique_sources": 1,
            "vhash": "046056656d55756352z1211ze8z2011z31z82z2c030b001e7z"
        },
        "id": "f0696bc98bf69a953554104b22e5a4d610dbfb344654c3e729a2851acc12c24e",
        "links": {
            "self": "https://www.virustotal.com/api/v3/files/f0696bc98bf69a953554104b22e5a4d610dbfb344654c3e729a2851acc12c24e"
        },
        "type": "file"
    }
}
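
The following added example, which is not part of the original comment or of winetricks, turns a response like the one above into an allow/block/unknown decision before an executable is run. It assumes the `last_analysis_stats` attribute of the VirusTotal v3 file object and the `NotFoundError` error body returned for unknown hashes; the function names and the sample data are constructed for illustration.

```python
import hashlib

def sha256_file(path, chunk=1 << 20):
    """Hash the downloaded file locally instead of trusting a published hash."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verdict(local_sha256, response, max_flagged=0):
    """Map a parsed /api/v3/files/<hash> response to (decision, reason)."""
    if "error" in response:
        # Hash not in the database: that means "no data", not "clean".
        return "unknown", response["error"].get("code", "error")
    attrs = response["data"]["attributes"]
    if attrs.get("sha256", "").lower() != local_sha256.lower():
        return "block", "response describes a different file"
    stats = attrs.get("last_analysis_stats")  # assumed attribute, see lead-in
    if stats is None:
        return "unknown", "no engine results in response"
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    if flagged > max_flagged:
        return "block", f"{flagged} engines flagged the file"
    if attrs.get("total_votes", {}).get("malicious", 0) > 0:
        return "block", "community votes mark the file malicious"
    sig = attrs.get("signature_info", {})
    signers = sig.get("signers details", [])
    if (sig.get("verified") == "Signed" and signers
            and all(s.get("status") == "Valid" for s in signers)):
        return "allow", "no detections, signed by " + signers[0]["name"]
    return "allow", "no detections, no verified signature"

# Constructed sample: trimmed to the fields used above, with values taken from
# the posted output; the last_analysis_stats numbers are made up.
SHA = "f0696bc98bf69a953554104b22e5a4d610dbfb344654c3e729a2851acc12c24e"
SAMPLE = {"data": {"attributes": {
    "sha256": SHA,
    "last_analysis_stats": {"malicious": 0, "suspicious": 0, "undetected": 60},
    "total_votes": {"harmless": 0, "malicious": 0},
    "signature_info": {"verified": "Signed", "signers details": [
        {"name": "Blizzard Entertainment, Inc.", "status": "Valid"}]},
}}}
NOT_FOUND = {"error": {"code": "NotFoundError", "message": "constructed"}}

if __name__ == "__main__":
    print(verdict(SHA, SAMPLE))
    print(verdict(SHA, NOT_FOUND))
```

When wiring this to a live lookup, read the API key from the environment rather than placing it on the command line, where it ends up in shell history and in any pasted output.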
