- _id: "07720ce506b5cf4ecb1b276f673c4dcc7c1c2bb0c145e2eca4b1d5a3f9abcfb5" | |
_type: "file" | |
authentihash: "2d0236e637db7612ae77269c63e185de154e0ecb569a1e875f8ee322e521e7f6" | |
creation_date: 1615794989 # 2021-03-15 07:56:29 +0000 GMT | |
dot_net_assembly: | |
assembly_data: | |
buildnumber: 1776 | |
culture: "" | |
flags: 116523094 | |
flags_text: "afPA_Shift, afPA_AMD64, afPA_MSIL" | |
hashalgid: 116260950 | |
majorversion: 35 | |
minorversion: 86 | |
name: "" | |
pubkey: "'L\\x01\\x12'" | |
revisionnumber: 37 | |
assembly_flags: 3 | |
assembly_flags_txt: "COMIMAGE_FLAGS_ILONLY, COMIMAGE_FLAGS_32BITREQUIRED" | |
assembly_name: "Newtonsoft.Json.dll" | |
clr_meta_version: "1.1" | |
clr_version: "v4.0.30319" | |
entry_point_rva: 579816 | |
entry_point_token: 100663453 | |
external_assemblies: | |
: | |
version: "3488.93.146.3490" | |
metadata_header_rva: 199324 | |
resources_va: 6145057 | |
streams: | |
#~: | |
chi2: 5700970.5 | |
entropy: 5.337321758270264 | |
md5: "ef9f320ae40916c711e5d49b6205e01d" | |
size: 146484 | |
#Blob: | |
chi2: 343478.28125 | |
entropy: 5.726528644561768 | |
md5: "e4418d9db1cf58acee25daa1a27ff6e7" | |
size: 41520 | |
#GUID: | |
chi2: 240.0 | |
entropy: 4.0 | |
md5: "fa617bc6f53c583901b55679a012f3e3" | |
size: 16 | |
#Strings: | |
chi2: 798213.875 | |
entropy: 4.965095043182373 | |
md5: "5c160431c44c2d0503cb2cbb78409810" | |
size: 70704 | |
#US: | |
chi2: 3221944.75 | |
entropy: 3.544029474258423 | |
md5: "6faf737ef99f17d812ace872335a4621" | |
size: 49272 | |
strongname_va: 0 | |
tables_present: 27 | |
tables_present_map: "1f092bb69f57L" | |
tables_rows_map: "115b14b05500d1b0d00c374616b461005025b50890028f423f701b506001008000015d92cb22" | |
tables_rows_map_log: "4a9bcc9bab5a569ab9a54648997" | |
type_definition_list: | |
- namespace: "System.Collections.Specialized" | |
type_definitions: | |
- "INotifyCollectionChanged" | |
- "NotifyCollectionChangedEventHandler" | |
- "NotifyCollectionChangedEventArgs" | |
- "NotifyCollectionChangedAction" | |
- namespace: "System" | |
type_definitions: | |
- "Enum" | |
- "Object" | |
- "IDisposable" | |
- "Attribute" | |
- "Exception" | |
- "ValueType" | |
- "ICloneable" | |
- "IEquatable`1" | |
- "IFormattable" | |
- "IComparable" | |
- "IComparable`1" | |
- "IConvertible" | |
- "EventArgs" | |
- "MulticastDelegate" | |
- "DateTimeKind" | |
- "Nullable`1" | |
- "Type" | |
- "Decimal" | |
- "DateTime" | |
- "DateTimeOffset" | |
- "Guid" | |
- "TimeSpan" | |
- "Uri" | |
- "Func`2" | |
- "Action`2" | |
- "Func`1" | |
- "IFormatProvider" | |
- "TypeCode" | |
- "Func`3" | |
- "Func`4" | |
- "EventHandler`1" | |
- "Array" | |
- "StringComparison" | |
- "IAsyncResult" | |
- "AsyncCallback" | |
- "Predicate`1" | |
- "ArgumentOutOfRangeException" | |
- "Delegate" | |
- "ParamArrayAttribute" | |
- "CLSCompliantAttribute" | |
- "ObsoleteAttribute" | |
- "String" | |
- "UInt64" | |
- "Convert" | |
- "Boolean" | |
- "Byte" | |
- "ArgumentException" | |
- "NotImplementedException" | |
- "RuntimeTypeHandle" | |
- "Int32" | |
- "Double" | |
- "Int64" | |
- "Char" | |
- "Single" | |
- "SByte" | |
- "Int16" | |
- "UInt16" | |
- "UInt32" | |
- "Nullable" | |
- "Activator" | |
- "DBNull" | |
- "NotSupportedException" | |
- "Version" | |
- "AttributeUsageAttribute" | |
- "AttributeTargets" | |
- "SerializableAttribute" | |
- "Environment" | |
- "RuntimeFieldHandle" | |
- "ArgumentNullException" | |
- "StringComparer" | |
- "Math" | |
- "InvalidOperationException" | |
- "FlagsAttribute" | |
- "Buffer" | |
- "Action" | |
- "InvalidCastException" | |
- "Void" | |
- "NonSerializedAttribute" | |
- "AppDomain" | |
- "StringSplitOptions" | |
- "Tuple`2" | |
- "UriKind" | |
- "TimeZoneInfo" | |
- "OverflowException" | |
- namespace: "System.Runtime.InteropServices" | |
type_definitions: | |
- "OutAttribute" | |
- "ComVisibleAttribute" | |
- "GuidAttribute" | |
- "StructLayoutAttribute" | |
- "LayoutKind" | |
- namespace: "System.Reflection.Emit" | |
type_definitions: | |
- "DynamicMethod" | |
- "ILGenerator" | |
- "Label" | |
- "OpCodes" | |
- "OpCode" | |
- "LocalBuilder" | |
- namespace: "System.Reflection" | |
type_definitions: | |
- "MemberInfo" | |
- "MethodInfo" | |
- "BindingFlags" | |
- "ConstructorInfo" | |
- "ParameterInfo" | |
- "MethodBase" | |
- "PropertyInfo" | |
- "FieldInfo" | |
- "Assembly" | |
- "MemberTypes" | |
- "AssemblyTitleAttribute" | |
- "AssemblyDescriptionAttribute" | |
- "AssemblyConfigurationAttribute" | |
- "AssemblyCompanyAttribute" | |
- "AssemblyProductAttribute" | |
- "AssemblyCopyrightAttribute" | |
- "AssemblyTrademarkAttribute" | |
- "AssemblyCultureAttribute" | |
- "AssemblyVersionAttribute" | |
- "AssemblyFileVersionAttribute" | |
- "DefaultMemberAttribute" | |
- "Binder" | |
- "ParameterModifier" | |
- "Module" | |
- "TargetParameterCountException" | |
- "EventInfo" | |
- "ICustomAttributeProvider" | |
- namespace: "System.Linq" | |
type_definitions: | |
- "Enumerable" | |
- "IOrderedEnumerable`1" | |
- "IGrouping`2" | |
- namespace: "System.Text.RegularExpressions" | |
type_definitions: | |
- "RegexOptions" | |
- "Regex" | |
- namespace: "System.Data.SqlTypes" | |
type_definitions: | |
- "INullable" | |
- "SqlBinary" | |
- "SqlInt32" | |
- "SqlInt64" | |
- "SqlBoolean" | |
- "SqlString" | |
- "SqlDateTime" | |
- namespace: "System.Collections.ObjectModel" | |
type_definitions: | |
- "Collection`1" | |
- "KeyedCollection`2" | |
- "ReadOnlyCollection`1" | |
- namespace: "System.Xml" | |
type_definitions: | |
- "XmlNodeType" | |
- "XmlNode" | |
- "XmlDocument" | |
- "XmlElement" | |
- "XmlDeclaration" | |
- "XmlDocumentType" | |
- "XmlNamespaceManager" | |
- "XmlDateTimeSerializationMode" | |
- "XmlNodeList" | |
- "XmlAttributeCollection" | |
- "XmlAttribute" | |
- "XmlComment" | |
- "XmlText" | |
- "XmlCDataSection" | |
- "XmlWhitespace" | |
- "XmlSignificantWhitespace" | |
- "XmlProcessingInstruction" | |
- "NameTable" | |
- "XmlNameTable" | |
- "XmlConvert" | |
- "XmlResolver" | |
- namespace: "System.Runtime.Serialization.Formatters" | |
type_definitions: | |
- "FormatterAssemblyStyle" | |
- namespace: "System.Threading.Tasks" | |
type_definitions: | |
- "Task`1" | |
- "Task" | |
- "TaskFactory" | |
- namespace: "System.Data" | |
type_definitions: | |
- "DataTable" | |
- "DataSet" | |
- "DataTableCollection" | |
- "InternalDataCollectionBase" | |
- "DataRowCollection" | |
- "DataRow" | |
- "DataColumnCollection" | |
- "DataColumn" | |
- namespace: "System.Diagnostics.CodeAnalysis" | |
type_definitions: | |
- "SuppressMessageAttribute" | |
- namespace: "System.Text" | |
type_definitions: | |
- "Encoding" | |
- "StringBuilder" | |
- "UTF8Encoding" | |
- namespace: "System.Linq.Expressions" | |
type_definitions: | |
- "ExpressionVisitor" | |
- "Expression" | |
- "ExpressionType" | |
- "ConstantExpression" | |
- "ConditionalExpression" | |
- "ParameterExpression" | |
- "UnaryExpression" | |
- "NewArrayExpression" | |
- "MethodCallExpression" | |
- "BlockExpression" | |
- "BinaryExpression" | |
- "DefaultExpression" | |
- "LambdaExpression" | |
- "NewExpression" | |
- "MemberExpression" | |
- "Expression`1" | |
- namespace: "System.Runtime.CompilerServices" | |
type_definitions: | |
- "CallSite`1" | |
- "CallSite" | |
- "CallSiteBinder" | |
- "InternalsVisibleToAttribute" | |
- "CompilationRelaxationsAttribute" | |
- "RuntimeCompatibilityAttribute" | |
- "ExtensionAttribute" | |
- "CompilerGeneratedAttribute" | |
- "RuntimeHelpers" | |
- "MethodImplAttribute" | |
- "MethodImplOptions" | |
- namespace: "System.Security.Permissions" | |
type_definitions: | |
- "ReflectionPermission" | |
- "ReflectionPermissionFlag" | |
- "SecurityPermission" | |
- "SecurityPermissionFlag" | |
- "PermissionState" | |
- namespace: "System.Runtime.Versioning" | |
type_definitions: | |
- "TargetFrameworkAttribute" | |
- namespace: "System.Security" | |
type_definitions: | |
- "AllowPartiallyTrustedCallersAttribute" | |
- "SecuritySafeCriticalAttribute" | |
- "CodeAccessPermission" | |
- namespace: "System.Runtime.Serialization" | |
type_definitions: | |
- "IFormatterConverter" | |
- "SerializationBinder" | |
- "SerializationInfo" | |
- "StreamingContext" | |
- "ISerializable" | |
- "DataContractAttribute" | |
- "DataMemberAttribute" | |
- "OnSerializingAttribute" | |
- "OnSerializedAttribute" | |
- "OnDeserializingAttribute" | |
- "OnDeserializedAttribute" | |
- "IgnoreDataMemberAttribute" | |
- "FormatterServices" | |
- "FormatterConverter" | |
- "SerializationInfoEnumerator" | |
- "SerializationEntry" | |
- "EnumMemberAttribute" | |
- namespace: "System.Threading" | |
type_definitions: | |
- "Thread" | |
- "Monitor" | |
- "Interlocked" | |
- namespace: "System.Globalization" | |
type_definitions: | |
- "CultureInfo" | |
- "DateTimeStyles" | |
- "NumberStyles" | |
- "NumberFormatInfo" | |
- namespace: "System.Xml.Linq" | |
type_definitions: | |
- "XObject" | |
- "XDeclaration" | |
- "XDocumentType" | |
- "XContainer" | |
- "XDocument" | |
- "XText" | |
- "XComment" | |
- "XProcessingInstruction" | |
- "XAttribute" | |
- "XElement" | |
- "XNode" | |
- "XCData" | |
- "XName" | |
- "XNamespace" | |
- namespace: "System.Collections.Concurrent" | |
type_definitions: | |
- "ConcurrentDictionary`2" | |
- namespace: "System.Diagnostics" | |
type_definitions: | |
- "TraceLevel" | |
- "TraceEventType" | |
- "DebuggableAttribute" | |
- "DebuggerHiddenAttribute" | |
- "TraceEventCache" | |
- "Trace" | |
- "TraceListenerCollection" | |
- "TraceListener" | |
- "DebuggerStepThroughAttribute" | |
- namespace: "System.Collections" | |
type_definitions: | |
- "IEnumerable" | |
- "IList" | |
- "ICollection" | |
- "IEnumerator" | |
- "IDictionary" | |
- "IDictionaryEnumerator" | |
- "DictionaryEntry" | |
- namespace: "System.Numerics" | |
type_definitions: | |
- "BigInteger" | |
- namespace: "System.IO" | |
type_definitions: | |
- "BinaryWriter" | |
- "BinaryReader" | |
- "Stream" | |
- "StringWriter" | |
- "TextReader" | |
- "TextWriter" | |
- "EndOfStreamException" | |
- "StringReader" | |
- namespace: "System.ComponentModel" | |
type_definitions: | |
- "PropertyDescriptor" | |
- "ITypedList" | |
- "IBindingList" | |
- "INotifyPropertyChanged" | |
- "ICustomTypeDescriptor" | |
- "INotifyPropertyChanging" | |
- "ListChangedEventHandler" | |
- "AddingNewEventHandler" | |
- "AddingNewEventArgs" | |
- "ListChangedEventArgs" | |
- "PropertyDescriptorCollection" | |
- "ListSortDirection" | |
- "PropertyChangedEventHandler" | |
- "PropertyChangingEventHandler" | |
- "AttributeCollection" | |
- "TypeConverter" | |
- "EventDescriptor" | |
- "EventDescriptorCollection" | |
- "MemberDescriptor" | |
- "ListChangedType" | |
- "PropertyChangedEventArgs" | |
- "PropertyChangingEventArgs" | |
- "ComponentConverter" | |
- "ReferenceConverter" | |
- "DefaultValueAttribute" | |
- "DescriptionAttribute" | |
- "TypeDescriptor" | |
- "ITypeDescriptorContext" | |
- namespace: "uncategorized" | |
type_definitions: | |
- "DebuggingModes" | |
- "Enumerator" | |
- "KeyCollection" | |
- "ValueCollection" | |
- "Enumerator" | |
- "Enumerator" | |
- "Enumerator" | |
- namespace: "System.Dynamic" | |
type_definitions: | |
- "IDynamicMetaObjectProvider" | |
- "DynamicMetaObject" | |
- "GetMemberBinder" | |
- "SetMemberBinder" | |
- "BinaryOperationBinder" | |
- "ConvertBinder" | |
- "CreateInstanceBinder" | |
- "DeleteIndexBinder" | |
- "DeleteMemberBinder" | |
- "GetIndexBinder" | |
- "InvokeBinder" | |
- "InvokeMemberBinder" | |
- "SetIndexBinder" | |
- "UnaryOperationBinder" | |
- "DynamicMetaObjectBinder" | |
- "BindingRestrictions" | |
- "ExpandoObject" | |
- namespace: "System.Collections.Generic" | |
type_definitions: | |
- "IEnumerable`1" | |
- "IEqualityComparer`1" | |
- "IList`1" | |
- "ICollection`1" | |
- "IDictionary`2" | |
- "KeyValuePair`2" | |
- "IEnumerator`1" | |
- "List`1" | |
- "Dictionary`2" | |
- "Queue`1" | |
- "Stack`1" | |
- "KeyNotFoundException" | |
- "Comparer`1" | |
- "HashSet`1" | |
- "IComparer`1" | |
- "ISet`1" | |
- "EqualityComparer`1" | |
dot_net_guids: | |
mvid: "6f204b2e-6ecf-4c20-bfc3-5ed4f70d7139" | |
typelib_id: "aeb9a54c-831e-40b5-8579-ae9184b4f9f4" | |
downloadable: true | |
exiftool: | |
AssemblyVersion: "18.6.4.1001" | |
CharacterSet: "Unicode" | |
CodeSize: "6716928" | |
Comments: "Lineage Launcher" | |
CompanyName: "NcSoft" | |
EntryPoint: "0x669d9e" | |
FileDescription: "Lineage Launcher" | |
FileFlagsMask: "0x003f" | |
FileOS: "Win32" | |
FileSubtype: "0" | |
FileType: "Win32 EXE" | |
FileTypeExtension: "exe" | |
FileVersion: "18.06.04.1001" | |
FileVersionNumber: "18.6.4.1001" | |
ImageFileCharacteristics: "Executable, No line numbers, No symbols, Large address aware, 32-bit" | |
ImageVersion: "0.0" | |
InitializedDataSize: "574464" | |
InternalName: "Launcher.exe" | |
LanguageCode: "Neutral" | |
LegalCopyright: "Copyright (C) 2017 NCSOFT" | |
LinkerVersion: "6.0" | |
MIMEType: "application/octet-stream" | |
MachineType: "Intel 386 or later, and compatibles" | |
OSVersion: "4.0" | |
ObjectFileType: "Executable application" | |
OriginalFileName: "Launcher.exe" | |
PEType: "PE32" | |
ProductName: "Lineage Launcher Application" | |
ProductVersion: "18.06.04.1001" | |
ProductVersionNumber: "18.6.4.1001" | |
Subsystem: "Windows GUI" | |
SubsystemVersion: "4.0" | |
TimeStamp: "2021:03:15 07:56:29+00:00" | |
UninitializedDataSize: "0" | |
first_submission_date: 1615806495 # 2021-03-15 11:08:15 +0000 GMT | |
last_analysis_date: 1615806495 # 2021-03-15 11:08:15 +0000 GMT | |
last_analysis_results: | |
ALYac: | |
category: "undetected" | |
engine_name: "ALYac" | |
engine_update: "20210315" | |
engine_version: "1.1.3.1" | |
method: "blacklist" | |
APEX: | |
category: "undetected" | |
engine_name: "APEX" | |
engine_update: "20210313" | |
engine_version: "6.142" | |
method: "blacklist" | |
AVG: | |
category: "malicious" | |
engine_name: "AVG" | |
engine_update: "20210315" | |
engine_version: "21.1.5827.0" | |
method: "blacklist" | |
result: "Win32:Swrort-S [Trj]" | |
Acronis: | |
category: "undetected" | |
engine_name: "Acronis" | |
engine_update: "20210211" | |
engine_version: "1.1.1.81" | |
method: "blacklist" | |
Ad-Aware: | |
category: "undetected" | |
engine_name: "Ad-Aware" | |
engine_update: "20210315" | |
engine_version: "3.0.16.117" | |
method: "blacklist" | |
AegisLab: | |
category: "undetected" | |
engine_name: "AegisLab" | |
engine_update: "20210315" | |
engine_version: "4.2" | |
method: "blacklist" | |
AhnLab-V3: | |
category: "undetected" | |
engine_name: "AhnLab-V3" | |
engine_update: "20210315" | |
engine_version: "3.19.5.10130" | |
method: "blacklist" | |
Alibaba: | |
category: "undetected" | |
engine_name: "Alibaba" | |
engine_update: "20190527" | |
engine_version: "0.3.0.5" | |
method: "blacklist" | |
Antiy-AVL: | |
category: "undetected" | |
engine_name: "Antiy-AVL" | |
engine_update: "20210315" | |
engine_version: "3.0.0.1" | |
method: "blacklist" | |
Arcabit: | |
category: "undetected" | |
engine_name: "Arcabit" | |
engine_update: "20210315" | |
engine_version: "1.0.0.881" | |
method: "blacklist" | |
Avast: | |
category: "malicious" | |
engine_name: "Avast" | |
engine_update: "20210315" | |
engine_version: "21.1.5827.0" | |
method: "blacklist" | |
result: "Win32:Swrort-S [Trj]" | |
Avast-Mobile: | |
category: "type-unsupported" | |
engine_name: "Avast-Mobile" | |
engine_update: "20210315" | |
engine_version: "210315-02" | |
method: "blacklist" | |
Avira: | |
category: "undetected" | |
engine_name: "Avira" | |
engine_update: "20210315" | |
engine_version: "8.3.3.12" | |
method: "blacklist" | |
Baidu: | |
category: "undetected" | |
engine_name: "Baidu" | |
engine_update: "20190318" | |
engine_version: "1.0.0.2" | |
method: "blacklist" | |
BitDefender: | |
category: "undetected" | |
engine_name: "BitDefender" | |
engine_update: "20210315" | |
engine_version: "7.2" | |
method: "blacklist" | |
BitDefenderFalx: | |
category: "type-unsupported" | |
engine_name: "BitDefenderFalx" | |
engine_update: "20200916" | |
engine_version: "2.0.936" | |
method: "blacklist" | |
BitDefenderTheta: | |
category: "undetected" | |
engine_name: "BitDefenderTheta" | |
engine_update: "20210304" | |
engine_version: "7.2.37796.0" | |
method: "blacklist" | |
Bkav: | |
category: "undetected" | |
engine_name: "Bkav" | |
engine_update: "20210315" | |
engine_version: "1.3.0.9899" | |
method: "blacklist" | |
CAT-QuickHeal: | |
category: "malicious" | |
engine_name: "CAT-QuickHeal" | |
engine_update: "20210315" | |
engine_version: "14.00" | |
method: "blacklist" | |
result: "Trojan.YakbeexMSIL.ZZ4" | |
CMC: | |
category: "undetected" | |
engine_name: "CMC" | |
engine_update: "20210312" | |
engine_version: "2.10.2019.1" | |
method: "blacklist" | |
ClamAV: | |
category: "malicious" | |
engine_name: "ClamAV" | |
engine_update: "20210314" | |
engine_version: "0.103.1.0" | |
method: "blacklist" | |
result: "Win.Trojan.MSShellcode-7" | |
Comodo: | |
category: "undetected" | |
engine_name: "Comodo" | |
engine_update: "20210315" | |
engine_version: "33346" | |
method: "blacklist" | |
CrowdStrike: | |
category: "undetected" | |
engine_name: "CrowdStrike" | |
engine_update: "20210203" | |
engine_version: "1.0" | |
method: "blacklist" | |
Cybereason: | |
category: "undetected" | |
engine_name: "Cybereason" | |
engine_update: "20210307" | |
engine_version: "1.2.449" | |
method: "blacklist" | |
Cylance: | |
category: "undetected" | |
engine_name: "Cylance" | |
engine_update: "20210315" | |
engine_version: "2.3.1.101" | |
method: "blacklist" | |
Cynet: | |
category: "undetected" | |
engine_name: "Cynet" | |
engine_update: "20210315" | |
engine_version: "4.0.0.25" | |
method: "blacklist" | |
Cyren: | |
category: "undetected" | |
engine_name: "Cyren" | |
engine_update: "20210315" | |
engine_version: "6.3.0.2" | |
method: "blacklist" | |
DrWeb: | |
category: "undetected" | |
engine_name: "DrWeb" | |
engine_update: "20210315" | |
engine_version: "7.0.49.9080" | |
method: "blacklist" | |
ESET-NOD32: | |
category: "undetected" | |
engine_name: "ESET-NOD32" | |
engine_update: "20210315" | |
engine_version: "22966" | |
method: "blacklist" | |
Elastic: | |
category: "undetected" | |
engine_name: "Elastic" | |
engine_update: "20210217" | |
engine_version: "4.0.17" | |
method: "blacklist" | |
Emsisoft: | |
category: "undetected" | |
engine_name: "Emsisoft" | |
engine_update: "20210315" | |
engine_version: "2018.12.0.1641" | |
method: "blacklist" | |
F-Secure: | |
category: "undetected" | |
engine_name: "F-Secure" | |
engine_update: "20210315" | |
engine_version: "12.0.86.52" | |
method: "blacklist" | |
FireEye: | |
category: "undetected" | |
engine_name: "FireEye" | |
engine_update: "20210315" | |
engine_version: "32.44.1.0" | |
method: "blacklist" | |
Fortinet: | |
category: "undetected" | |
engine_name: "Fortinet" | |
engine_update: "20210315" | |
engine_version: "6.2.142.0" | |
method: "blacklist" | |
GData: | |
category: "undetected" | |
engine_name: "GData" | |
engine_update: "20210315" | |
engine_version: "A:25.28949B:27.22295" | |
method: "blacklist" | |
Gridinsoft: | |
category: "undetected" | |
engine_name: "Gridinsoft" | |
engine_update: "20210315" | |
engine_version: "1.0.31.122" | |
method: "blacklist" | |
Ikarus: | |
category: "undetected" | |
engine_name: "Ikarus" | |
engine_update: "20210315" | |
engine_version: "0.1.5.2" | |
method: "blacklist" | |
K7AntiVirus: | |
category: "undetected" | |
engine_name: "K7AntiVirus" | |
engine_update: "20210315" | |
engine_version: "11.169.36706" | |
method: "blacklist" | |
K7GW: | |
category: "undetected" | |
engine_name: "K7GW" | |
engine_update: "20210315" | |
engine_version: "11.169.36706" | |
method: "blacklist" | |
Kaspersky: | |
category: "undetected" | |
engine_name: "Kaspersky" | |
engine_update: "20210315" | |
engine_version: "15.0.1.13" | |
method: "blacklist" | |
Kingsoft: | |
category: "undetected" | |
engine_name: "Kingsoft" | |
engine_update: "20210315" | |
engine_version: "2017.9.26.565" | |
method: "blacklist" | |
MAX: | |
category: "undetected" | |
engine_name: "MAX" | |
engine_update: "20210315" | |
engine_version: "2019.9.16.1" | |
method: "blacklist" | |
Malwarebytes: | |
category: "undetected" | |
engine_name: "Malwarebytes" | |
engine_update: "20210315" | |
engine_version: "4.2.1.18" | |
method: "blacklist" | |
MaxSecure: | |
category: "undetected" | |
engine_name: "MaxSecure" | |
engine_update: "20210306" | |
engine_version: "1.0.0.1" | |
method: "blacklist" | |
McAfee: | |
category: "undetected" | |
engine_name: "McAfee" | |
engine_update: "20210315" | |
engine_version: "6.0.6.653" | |
method: "blacklist" | |
McAfee-GW-Edition: | |
category: "undetected" | |
engine_name: "McAfee-GW-Edition" | |
engine_update: "20210315" | |
engine_version: "v2019.1.2+3728" | |
method: "blacklist" | |
MicroWorld-eScan: | |
category: "undetected" | |
engine_name: "MicroWorld-eScan" | |
engine_update: "20210315" | |
engine_version: "14.0.409.0" | |
method: "blacklist" | |
Microsoft: | |
category: "malicious" | |
engine_name: "Microsoft" | |
engine_update: "20210315" | |
engine_version: "1.1.17900.7" | |
method: "blacklist" | |
result: "Trojan:Win32/Meterpreter.O" | |
NANO-Antivirus: | |
category: "undetected" | |
engine_name: "NANO-Antivirus" | |
engine_update: "20210315" | |
engine_version: "1.0.146.25265" | |
method: "blacklist" | |
Paloalto: | |
category: "undetected" | |
engine_name: "Paloalto" | |
engine_update: "20210315" | |
engine_version: "1.0" | |
method: "blacklist" | |
Panda: | |
category: "undetected" | |
engine_name: "Panda" | |
engine_update: "20210315" | |
engine_version: "4.6.4.2" | |
method: "blacklist" | |
Qihoo-360: | |
category: "undetected" | |
engine_name: "Qihoo-360" | |
engine_update: "20210315" | |
engine_version: "1.0.0.1120" | |
method: "blacklist" | |
Rising: | |
category: "undetected" | |
engine_name: "Rising" | |
engine_update: "20210315" | |
engine_version: "25.0.0.26" | |
method: "blacklist" | |
SUPERAntiSpyware: | |
category: "undetected" | |
engine_name: "SUPERAntiSpyware" | |
engine_update: "20210312" | |
engine_version: "5.6.0.1032" | |
method: "blacklist" | |
Sangfor: | |
category: "malicious" | |
engine_name: "Sangfor" | |
engine_update: "20210315" | |
engine_version: "2.9.0.0" | |
method: "blacklist" | |
result: "Trojan.Win32.Save.a" | |
SentinelOne: | |
category: "undetected" | |
engine_name: "SentinelOne" | |
engine_update: "20210215" | |
engine_version: "5.0.0.20" | |
method: "blacklist" | |
Sophos: | |
category: "undetected" | |
engine_name: "Sophos" | |
engine_update: "20210315" | |
engine_version: "1.0.2.0" | |
method: "blacklist" | |
SymantecMobileInsight: | |
category: "type-unsupported" | |
engine_name: "SymantecMobileInsight" | |
engine_update: "20210126" | |
engine_version: "2.0" | |
method: "blacklist" | |
TACHYON: | |
category: "undetected" | |
engine_name: "TACHYON" | |
engine_update: "20210315" | |
engine_version: "2021-03-15.02" | |
method: "blacklist" | |
Tencent: | |
category: "undetected" | |
engine_name: "Tencent" | |
engine_update: "20210315" | |
engine_version: "1.0.0.1" | |
method: "blacklist" | |
Trapmine: | |
category: "type-unsupported" | |
engine_name: "Trapmine" | |
engine_update: "20200727" | |
engine_version: "3.5.0.1023" | |
method: "blacklist" | |
TrendMicro: | |
category: "undetected" | |
engine_name: "TrendMicro" | |
engine_update: "20210315" | |
engine_version: "11.0.0.1006" | |
method: "blacklist" | |
TrendMicro-HouseCall: | |
category: "undetected" | |
engine_name: "TrendMicro-HouseCall" | |
engine_update: "20210315" | |
engine_version: "10.0.0.1040" | |
method: "blacklist" | |
Trustlook: | |
category: "type-unsupported" | |
engine_name: "Trustlook" | |
engine_update: "20210315" | |
engine_version: "1.0" | |
method: "blacklist" | |
VBA32: | |
category: "undetected" | |
engine_name: "VBA32" | |
engine_update: "20210315" | |
engine_version: "4.4.1" | |
method: "blacklist" | |
VIPRE: | |
category: "undetected" | |
engine_name: "VIPRE" | |
engine_update: "20210315" | |
engine_version: "91100" | |
method: "blacklist" | |
ViRobot: | |
category: "undetected" | |
engine_name: "ViRobot" | |
engine_update: "20210315" | |
engine_version: "2014.3.20.0" | |
method: "blacklist" | |
Webroot: | |
category: "undetected" | |
engine_name: "Webroot" | |
engine_update: "20210315" | |
engine_version: "1.0.0.403" | |
method: "blacklist" | |
Yandex: | |
category: "undetected" | |
engine_name: "Yandex" | |
engine_update: "20210313" | |
engine_version: "5.5.2.24" | |
method: "blacklist" | |
Zillya: | |
category: "undetected" | |
engine_name: "Zillya" | |
engine_update: "20210312" | |
engine_version: "2.0.0.4315" | |
method: "blacklist" | |
ZoneAlarm: | |
category: "undetected" | |
engine_name: "ZoneAlarm" | |
engine_update: "20210315" | |
engine_version: "1.0" | |
method: "blacklist" | |
Zoner: | |
category: "undetected" | |
engine_name: "Zoner" | |
engine_update: "20210314" | |
engine_version: "0.0.0.0" | |
method: "blacklist" | |
eGambit: | |
category: "undetected" | |
engine_name: "eGambit" | |
engine_update: "20210315" | |
method: "blacklist" | |
# Verdict tally for the one scan recorded in this report (first_submission_date
# and last_analysis_date are the same instant, and times_submitted is 1).
# The counts below sum to 73 engine results, 6 of them "malicious".
# A low detection ratio on a first-seen sample is not evidence that the file
# is benign; rescan later and weigh it against the signature and PE findings.
last_analysis_stats: | |
confirmed-timeout: 0 | |
failure: 0 | |
harmless: 0 | |
malicious: 6 | |
suspicious: 0 | |
timeout: 0 | |
type-unsupported: 5 | |
undetected: 62 | |
last_modification_date: 1615813754 # 2021-03-15 13:09:14 +0000 GMT | |
last_submission_date: 1615806495 # 2021-03-15 11:08:15 +0000 GMT | |
magic: "PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly" | |
main_icon: | |
dhash: "ccac99123470720d" | |
raw_md5: "eae9299517c579c06afe7c8462826823" | |
md5: "f26d9dc4f9b53e47373f300cf2561c81" | |
meaningful_name: "Launcher.exe" | |
names: | |
- "tfile.exe" | |
- "Launcher.exe" | |
packers: | |
PEiD: ".NET executable" | |
pe_info: | |
debug: | |
- codeview: | |
age: 1 | |
guid: "f12ba580-c920-4e3f-b93b-8c7dec810766" | |
name: "Launcher.pdb" | |
signature: "RSDS" | |
offset: 6717733 | |
size: 37 | |
timestamp: "Thu Jan 1 00:00:00 1970" | |
type: 2 | |
type_str: "IMAGE_DEBUG_TYPE_CODEVIEW" | |
entry_point: 6725022 | |
imphash: "f34d5f2d4577ed6d9ceec516c1f5a744" | |
import_list: | |
- imported_functions: | |
- "_CorExeMain" | |
library_name: "mscoree.dll" | |
machine_type: 332 | |
overlay: | |
chi2: 1776.063232421875 | |
entropy: 7.215825080871582 | |
filetype: "Data" | |
md5: "565fb7fa130ffa33b5d031a1af9819a5" | |
offset: 7292416 | |
size: 968 | |
resource_details: | |
- chi2: 16507.41015625 | |
entropy: 5.498626232147217 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "fc7eb43598427e7c8830eac1443be14a9487e9427a695775c1bf525b435fb808" | |
type: "RT_ICON" | |
- chi2: 38458.09765625 | |
entropy: 5.5473809242248535 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "ed60172834fecd5632bc4347e3e67848fba070f7e1f59d5ca38925ef6d31f400" | |
type: "RT_ICON" | |
- chi2: 73591.0078125 | |
entropy: 5.428617477416992 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "063944d4929f94da2b97e84c5982a309207fb5a28a1e07f4c7b63dd9f5858f6b" | |
type: "RT_ICON" | |
- chi2: 171863.703125 | |
entropy: 5.394334316253662 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "0a13b97189991c421cb6a975cafaebb73b02e2307cc5940d41abcad3c74cfcd0" | |
type: "RT_ICON" | |
- chi2: 318570.71875 | |
entropy: 5.313435077667236 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "60a342ea350e7ce154b5cf64aa67620e82375267b1dc5dce49ad9cfc58ec930a" | |
type: "RT_ICON" | |
- chi2: 728824.625 | |
entropy: 5.299143314361572 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "a5a9f54ab9c27d8d04fb7d0f0fdfef2f40f3180f98833834d52a37432147c122" | |
type: "RT_ICON" | |
- chi2: 1356364.75 | |
entropy: 5.226292610168457 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "6ebc8bced31a6287bed6b1d59ce6ef4411959d9c42949816b251dc2d63e26a16" | |
type: "RT_ICON" | |
- chi2: 3024560.0 | |
entropy: 5.239337921142578 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "e3dee66d9dc11a282889632effe8fea50d5c7077c6634a8ddc29a88306f90ac9" | |
type: "RT_ICON" | |
- chi2: 5724253.0 | |
entropy: 5.109508514404297 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "692ac111883a16ecf111e52b4fc3c93034774a8dcc604ef96d26b8f0bbbe0f40" | |
type: "RT_ICON" | |
- chi2: 9056.8486328125 | |
entropy: 3.044480800628662 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581" | |
type: "RT_GROUP_ICON" | |
- chi2: 75012.703125 | |
entropy: 3.438354253768921 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "72bf7800d9c9f8a3d4d32e232de3a48c915a6e42d682cd8a65ee1946ac0fb727" | |
type: "RT_VERSION" | |
- chi2: 28294.50390625 | |
entropy: 5.817731857299805 | |
filetype: "Data" | |
lang: "NEUTRAL" | |
sha256: "8b5d8d134f33bc17527e9c9b3cf292c862aa21816b5a2def575e32a59eb6838b" | |
type: "RT_MANIFEST" | |
resource_langs: | |
NEUTRAL: 12 | |
resource_types: | |
RT_GROUP_ICON: 1 | |
RT_ICON: 9 | |
RT_MANIFEST: 1 | |
RT_VERSION: 1 | |
# PE section table: one entry per section with its hash, sizes and entropy.
# .text (7.63) and .sdata (7.9) are close to the 8.0 maximum for byte entropy,
# which usually indicates compressed or encrypted content.
# NOTE(review): the import list shows only _CorExeMain from mscoree.dll, so
# high entropy here presumably reflects an embedded or packed payload inside
# the managed image; confirm by unpacking before relying on static strings.
sections: | |
- chi2: 10432703.0 | |
entropy: 7.63 | |
flags: "rx" | |
md5: "19ef42bc4096ccaa0884faa748b50669" | |
name: ".text" | |
raw_size: 6716928 | |
virtual_address: 8192 | |
virtual_size: 6716836 | |
- chi2: 1529.91 | |
entropy: 7.9 | |
flags: "rw" | |
md5: "24ea92c0dd5b3c3cdb9859b671ff9ea7" | |
name: ".sdata" | |
raw_size: 6144 | |
virtual_address: 6725632 | |
virtual_size: 6016 | |
- chi2: 11354008.0 | |
entropy: 5.23 | |
flags: "r" | |
md5: "2f4867eab66351dd179155d265fc757e" | |
name: ".rsrc" | |
raw_size: 567808 | |
virtual_address: 6733824 | |
virtual_size: 567720 | |
- chi2: 128015.0 | |
entropy: 0.1 | |
flags: "r" | |
md5: "f43da07e583f26f728ee3b0f693134ef" | |
name: ".reloc" | |
raw_size: 512 | |
virtual_address: 7307264 | |
virtual_size: 12 | |
timestamp: 1615794989 | |
# Label aggregated from the per-engine results in last_analysis_results.
# Each entry is a [token, count] pair; the counts presumably are the number
# of engine result strings containing the token ("trojan" appears in four of
# them, "swrort" in the AVG and Avast results).
# The Microsoft and ClamAV results name other things (Meterpreter, MSShellcode),
# so treat suggested_threat_label as a majority guess, not a family attribution.
popular_threat_classification: | |
popular_threat_category: | |
- - "trojan" | |
- 4 | |
popular_threat_name: | |
- - "swrort" | |
- 2 | |
suggested_threat_label: "trojan.swrort" | |
reputation: 0 | |
sha1: "eb4958183e32f731a846242a0cebfe4d041ef745" | |
sha256: "07720ce506b5cf4ecb1b276f673c4dcc7c1c2bb0c145e2eca4b1d5a3f9abcfb5" | |
sigma_analysis_stats: | |
critical: 2 | |
high: 2 | |
low: 2 | |
medium: 0 | |
sigma_analysis_summary: | |
Sigma Integrated Rule Set (GitHub): | |
critical: 2 | |
high: 2 | |
low: 2 | |
medium: 0 | |
# Authenticode and version-resource summary for the file.
# The descriptive strings (comments ... product) carry the same values that
# exiftool reports above; they are set by whoever built the file and do not
# establish who published it.
signature_info: | |
comments: "Lineage Launcher" | |
copyright: "Copyright (C) 2017 NCSOFT" | |
description: "Lineage Launcher" | |
file version: "18.06.04.1001" | |
internal name: "Launcher.exe" | |
original name: "Launcher.exe" | |
product: "Lineage Launcher Application" | |
# The signer name is unauthenticated: the certificate's issuer and subject
# names are identical, and "status" / "verified" below report a chain ending
# in an untrusted root (the report also carries the "invalid-signature" tag).
signers: "NCSOFT Corporation" | |
signers details: | |
# md5RSA: the certificate is signed with an MD5-based signature algorithm.
- algorithm: "md5RSA" | |
cert issuer: "NCSOFT Corporation" | |
name: "NCSOFT Corporation" | |
serial number: "4D C4 5B 52 89 4B 67 A5 46 E1 09 C3 BE 60 1F ED" | |
status: "The certificate or certificate chain is based on an untrusted root." | |
thumbprint: "2D60706156F521DE702A6CED83D022D7DA2DFA32" | |
valid from: "06:46 PM 09/26/2020" | |
valid to: "11:59 PM 12/31/2039" | |
valid usage: "All" | |
# NOTE(review): matches first_submission_date to the minute; presumably the
# signature has no trusted timestamp and this is the analysis time. Confirm.
signing date: "11:08 AM 03/15/2021" | |
verified: "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider." | |
# Same certificate as in "signers details", with dates in ISO-style form.
x509: | |
- algorithm: "md5RSA" | |
cert issuer: "NCSOFT Corporation" | |
name: "NCSOFT Corporation" | |
serial number: "4D C4 5B 52 89 4B 67 A5 46 E1 09 C3 BE 60 1F ED" | |
thumbprint: "2D60706156F521DE702A6CED83D022D7DA2DFA32" | |
valid from: "2020-09-26 18:46:11" | |
valid to: "2039-12-31 23:59:59" | |
size: 7293384 | |
ssdeep: "98304:y41m3dGYHZMkhGyY6659zAj4SXHZMkhGyY6659zAj4SXHZMkhGyY6659zAj4STl4:V1gYk1GXz+/J1GXz+/J1GXz+/tk" | |
tags: | |
- "invalid-signature" | |
- "peexe" | |
- "assembly" | |
- "signed" | |
- "overlay" | |
- "direct-cpu-clock-access" | |
- "checks-network-adapters" | |
- "detect-debug-environment" | |
- "runtime-modules" | |
times_submitted: 1 | |
tlsh: "T17B768CD93384FDAFC74B967EDDD43F14867169E20B3BE706C4432AAA492D7829E80153" | |
total_votes: | |
harmless: 0 | |
malicious: 0 | |
trid: | |
- file_type: "Generic CIL Executable (.NET, Mono, etc.)" | |
probability: 47.4 | |
- file_type: "Win32 Executable MS Visual C++ (generic)" | |
probability: 20.2 | |
- file_type: "Windows screen saver" | |
probability: 8.4 | |
- file_type: "Win64 Executable (generic)" | |
probability: 6.8 | |
- file_type: "Win16 NE executable (generic)" | |
probability: 4.5 | |
type_description: "Win32 EXE" | |
type_extension: "exe" | |
type_tag: "peexe" | |
unique_sources: 1 | |
vhash: "2760467d75551ff05d69ffff19b9eff" |