-
-
Save schrodyn/8f2c84b563b5209d516def36783a175e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - _id: "07720ce506b5cf4ecb1b276f673c4dcc7c1c2bb0c145e2eca4b1d5a3f9abcfb5" | |
| _type: "file" | |
| authentihash: "2d0236e637db7612ae77269c63e185de154e0ecb569a1e875f8ee322e521e7f6" | |
| creation_date: 1615794989 # 2021-03-15 07:56:29 +0000 GMT | |
| dot_net_assembly: | |
| assembly_data: | |
| buildnumber: 1776 | |
| culture: "" | |
| flags: 116523094 | |
| flags_text: "afPA_Shift, afPA_AMD64, afPA_MSIL" | |
| hashalgid: 116260950 | |
| majorversion: 35 | |
| minorversion: 86 | |
| name: "" | |
| pubkey: "'L\\x01\\x12'" | |
| revisionnumber: 37 | |
| assembly_flags: 3 | |
| assembly_flags_txt: "COMIMAGE_FLAGS_ILONLY, COMIMAGE_FLAGS_32BITREQUIRED" | |
| assembly_name: "Newtonsoft.Json.dll" | |
| clr_meta_version: "1.1" | |
| clr_version: "v4.0.30319" | |
| entry_point_rva: 579816 | |
| entry_point_token: 100663453 | |
| external_assemblies: | |
| : | |
| version: "3488.93.146.3490" | |
| metadata_header_rva: 199324 | |
| resources_va: 6145057 | |
| streams: | |
| #~: | |
| chi2: 5700970.5 | |
| entropy: 5.337321758270264 | |
| md5: "ef9f320ae40916c711e5d49b6205e01d" | |
| size: 146484 | |
| #Blob: | |
| chi2: 343478.28125 | |
| entropy: 5.726528644561768 | |
| md5: "e4418d9db1cf58acee25daa1a27ff6e7" | |
| size: 41520 | |
| #GUID: | |
| chi2: 240.0 | |
| entropy: 4.0 | |
| md5: "fa617bc6f53c583901b55679a012f3e3" | |
| size: 16 | |
| #Strings: | |
| chi2: 798213.875 | |
| entropy: 4.965095043182373 | |
| md5: "5c160431c44c2d0503cb2cbb78409810" | |
| size: 70704 | |
| #US: | |
| chi2: 3221944.75 | |
| entropy: 3.544029474258423 | |
| md5: "6faf737ef99f17d812ace872335a4621" | |
| size: 49272 | |
| strongname_va: 0 | |
| tables_present: 27 | |
| tables_present_map: "1f092bb69f57L" | |
| tables_rows_map: "115b14b05500d1b0d00c374616b461005025b50890028f423f701b506001008000015d92cb22" | |
| tables_rows_map_log: "4a9bcc9bab5a569ab9a54648997" | |
| type_definition_list: | |
| - namespace: "System.Collections.Specialized" | |
| type_definitions: | |
| - "INotifyCollectionChanged" | |
| - "NotifyCollectionChangedEventHandler" | |
| - "NotifyCollectionChangedEventArgs" | |
| - "NotifyCollectionChangedAction" | |
| - namespace: "System" | |
| type_definitions: | |
| - "Enum" | |
| - "Object" | |
| - "IDisposable" | |
| - "Attribute" | |
| - "Exception" | |
| - "ValueType" | |
| - "ICloneable" | |
| - "IEquatable`1" | |
| - "IFormattable" | |
| - "IComparable" | |
| - "IComparable`1" | |
| - "IConvertible" | |
| - "EventArgs" | |
| - "MulticastDelegate" | |
| - "DateTimeKind" | |
| - "Nullable`1" | |
| - "Type" | |
| - "Decimal" | |
| - "DateTime" | |
| - "DateTimeOffset" | |
| - "Guid" | |
| - "TimeSpan" | |
| - "Uri" | |
| - "Func`2" | |
| - "Action`2" | |
| - "Func`1" | |
| - "IFormatProvider" | |
| - "TypeCode" | |
| - "Func`3" | |
| - "Func`4" | |
| - "EventHandler`1" | |
| - "Array" | |
| - "StringComparison" | |
| - "IAsyncResult" | |
| - "AsyncCallback" | |
| - "Predicate`1" | |
| - "ArgumentOutOfRangeException" | |
| - "Delegate" | |
| - "ParamArrayAttribute" | |
| - "CLSCompliantAttribute" | |
| - "ObsoleteAttribute" | |
| - "String" | |
| - "UInt64" | |
| - "Convert" | |
| - "Boolean" | |
| - "Byte" | |
| - "ArgumentException" | |
| - "NotImplementedException" | |
| - "RuntimeTypeHandle" | |
| - "Int32" | |
| - "Double" | |
| - "Int64" | |
| - "Char" | |
| - "Single" | |
| - "SByte" | |
| - "Int16" | |
| - "UInt16" | |
| - "UInt32" | |
| - "Nullable" | |
| - "Activator" | |
| - "DBNull" | |
| - "NotSupportedException" | |
| - "Version" | |
| - "AttributeUsageAttribute" | |
| - "AttributeTargets" | |
| - "SerializableAttribute" | |
| - "Environment" | |
| - "RuntimeFieldHandle" | |
| - "ArgumentNullException" | |
| - "StringComparer" | |
| - "Math" | |
| - "InvalidOperationException" | |
| - "FlagsAttribute" | |
| - "Buffer" | |
| - "Action" | |
| - "InvalidCastException" | |
| - "Void" | |
| - "NonSerializedAttribute" | |
| - "AppDomain" | |
| - "StringSplitOptions" | |
| - "Tuple`2" | |
| - "UriKind" | |
| - "TimeZoneInfo" | |
| - "OverflowException" | |
| - namespace: "System.Runtime.InteropServices" | |
| type_definitions: | |
| - "OutAttribute" | |
| - "ComVisibleAttribute" | |
| - "GuidAttribute" | |
| - "StructLayoutAttribute" | |
| - "LayoutKind" | |
| - namespace: "System.Reflection.Emit" | |
| type_definitions: | |
| - "DynamicMethod" | |
| - "ILGenerator" | |
| - "Label" | |
| - "OpCodes" | |
| - "OpCode" | |
| - "LocalBuilder" | |
| - namespace: "System.Reflection" | |
| type_definitions: | |
| - "MemberInfo" | |
| - "MethodInfo" | |
| - "BindingFlags" | |
| - "ConstructorInfo" | |
| - "ParameterInfo" | |
| - "MethodBase" | |
| - "PropertyInfo" | |
| - "FieldInfo" | |
| - "Assembly" | |
| - "MemberTypes" | |
| - "AssemblyTitleAttribute" | |
| - "AssemblyDescriptionAttribute" | |
| - "AssemblyConfigurationAttribute" | |
| - "AssemblyCompanyAttribute" | |
| - "AssemblyProductAttribute" | |
| - "AssemblyCopyrightAttribute" | |
| - "AssemblyTrademarkAttribute" | |
| - "AssemblyCultureAttribute" | |
| - "AssemblyVersionAttribute" | |
| - "AssemblyFileVersionAttribute" | |
| - "DefaultMemberAttribute" | |
| - "Binder" | |
| - "ParameterModifier" | |
| - "Module" | |
| - "TargetParameterCountException" | |
| - "EventInfo" | |
| - "ICustomAttributeProvider" | |
| - namespace: "System.Linq" | |
| type_definitions: | |
| - "Enumerable" | |
| - "IOrderedEnumerable`1" | |
| - "IGrouping`2" | |
| - namespace: "System.Text.RegularExpressions" | |
| type_definitions: | |
| - "RegexOptions" | |
| - "Regex" | |
| - namespace: "System.Data.SqlTypes" | |
| type_definitions: | |
| - "INullable" | |
| - "SqlBinary" | |
| - "SqlInt32" | |
| - "SqlInt64" | |
| - "SqlBoolean" | |
| - "SqlString" | |
| - "SqlDateTime" | |
| - namespace: "System.Collections.ObjectModel" | |
| type_definitions: | |
| - "Collection`1" | |
| - "KeyedCollection`2" | |
| - "ReadOnlyCollection`1" | |
| - namespace: "System.Xml" | |
| type_definitions: | |
| - "XmlNodeType" | |
| - "XmlNode" | |
| - "XmlDocument" | |
| - "XmlElement" | |
| - "XmlDeclaration" | |
| - "XmlDocumentType" | |
| - "XmlNamespaceManager" | |
| - "XmlDateTimeSerializationMode" | |
| - "XmlNodeList" | |
| - "XmlAttributeCollection" | |
| - "XmlAttribute" | |
| - "XmlComment" | |
| - "XmlText" | |
| - "XmlCDataSection" | |
| - "XmlWhitespace" | |
| - "XmlSignificantWhitespace" | |
| - "XmlProcessingInstruction" | |
| - "NameTable" | |
| - "XmlNameTable" | |
| - "XmlConvert" | |
| - "XmlResolver" | |
| - namespace: "System.Runtime.Serialization.Formatters" | |
| type_definitions: | |
| - "FormatterAssemblyStyle" | |
| - namespace: "System.Threading.Tasks" | |
| type_definitions: | |
| - "Task`1" | |
| - "Task" | |
| - "TaskFactory" | |
| - namespace: "System.Data" | |
| type_definitions: | |
| - "DataTable" | |
| - "DataSet" | |
| - "DataTableCollection" | |
| - "InternalDataCollectionBase" | |
| - "DataRowCollection" | |
| - "DataRow" | |
| - "DataColumnCollection" | |
| - "DataColumn" | |
| - namespace: "System.Diagnostics.CodeAnalysis" | |
| type_definitions: | |
| - "SuppressMessageAttribute" | |
| - namespace: "System.Text" | |
| type_definitions: | |
| - "Encoding" | |
| - "StringBuilder" | |
| - "UTF8Encoding" | |
| - namespace: "System.Linq.Expressions" | |
| type_definitions: | |
| - "ExpressionVisitor" | |
| - "Expression" | |
| - "ExpressionType" | |
| - "ConstantExpression" | |
| - "ConditionalExpression" | |
| - "ParameterExpression" | |
| - "UnaryExpression" | |
| - "NewArrayExpression" | |
| - "MethodCallExpression" | |
| - "BlockExpression" | |
| - "BinaryExpression" | |
| - "DefaultExpression" | |
| - "LambdaExpression" | |
| - "NewExpression" | |
| - "MemberExpression" | |
| - "Expression`1" | |
| - namespace: "System.Runtime.CompilerServices" | |
| type_definitions: | |
| - "CallSite`1" | |
| - "CallSite" | |
| - "CallSiteBinder" | |
| - "InternalsVisibleToAttribute" | |
| - "CompilationRelaxationsAttribute" | |
| - "RuntimeCompatibilityAttribute" | |
| - "ExtensionAttribute" | |
| - "CompilerGeneratedAttribute" | |
| - "RuntimeHelpers" | |
| - "MethodImplAttribute" | |
| - "MethodImplOptions" | |
| - namespace: "System.Security.Permissions" | |
| type_definitions: | |
| - "ReflectionPermission" | |
| - "ReflectionPermissionFlag" | |
| - "SecurityPermission" | |
| - "SecurityPermissionFlag" | |
| - "PermissionState" | |
| - namespace: "System.Runtime.Versioning" | |
| type_definitions: | |
| - "TargetFrameworkAttribute" | |
| - namespace: "System.Security" | |
| type_definitions: | |
| - "AllowPartiallyTrustedCallersAttribute" | |
| - "SecuritySafeCriticalAttribute" | |
| - "CodeAccessPermission" | |
| - namespace: "System.Runtime.Serialization" | |
| type_definitions: | |
| - "IFormatterConverter" | |
| - "SerializationBinder" | |
| - "SerializationInfo" | |
| - "StreamingContext" | |
| - "ISerializable" | |
| - "DataContractAttribute" | |
| - "DataMemberAttribute" | |
| - "OnSerializingAttribute" | |
| - "OnSerializedAttribute" | |
| - "OnDeserializingAttribute" | |
| - "OnDeserializedAttribute" | |
| - "IgnoreDataMemberAttribute" | |
| - "FormatterServices" | |
| - "FormatterConverter" | |
| - "SerializationInfoEnumerator" | |
| - "SerializationEntry" | |
| - "EnumMemberAttribute" | |
| - namespace: "System.Threading" | |
| type_definitions: | |
| - "Thread" | |
| - "Monitor" | |
| - "Interlocked" | |
| - namespace: "System.Globalization" | |
| type_definitions: | |
| - "CultureInfo" | |
| - "DateTimeStyles" | |
| - "NumberStyles" | |
| - "NumberFormatInfo" | |
| - namespace: "System.Xml.Linq" | |
| type_definitions: | |
| - "XObject" | |
| - "XDeclaration" | |
| - "XDocumentType" | |
| - "XContainer" | |
| - "XDocument" | |
| - "XText" | |
| - "XComment" | |
| - "XProcessingInstruction" | |
| - "XAttribute" | |
| - "XElement" | |
| - "XNode" | |
| - "XCData" | |
| - "XName" | |
| - "XNamespace" | |
| - namespace: "System.Collections.Concurrent" | |
| type_definitions: | |
| - "ConcurrentDictionary`2" | |
| - namespace: "System.Diagnostics" | |
| type_definitions: | |
| - "TraceLevel" | |
| - "TraceEventType" | |
| - "DebuggableAttribute" | |
| - "DebuggerHiddenAttribute" | |
| - "TraceEventCache" | |
| - "Trace" | |
| - "TraceListenerCollection" | |
| - "TraceListener" | |
| - "DebuggerStepThroughAttribute" | |
| - namespace: "System.Collections" | |
| type_definitions: | |
| - "IEnumerable" | |
| - "IList" | |
| - "ICollection" | |
| - "IEnumerator" | |
| - "IDictionary" | |
| - "IDictionaryEnumerator" | |
| - "DictionaryEntry" | |
| - namespace: "System.Numerics" | |
| type_definitions: | |
| - "BigInteger" | |
| - namespace: "System.IO" | |
| type_definitions: | |
| - "BinaryWriter" | |
| - "BinaryReader" | |
| - "Stream" | |
| - "StringWriter" | |
| - "TextReader" | |
| - "TextWriter" | |
| - "EndOfStreamException" | |
| - "StringReader" | |
| - namespace: "System.ComponentModel" | |
| type_definitions: | |
| - "PropertyDescriptor" | |
| - "ITypedList" | |
| - "IBindingList" | |
| - "INotifyPropertyChanged" | |
| - "ICustomTypeDescriptor" | |
| - "INotifyPropertyChanging" | |
| - "ListChangedEventHandler" | |
| - "AddingNewEventHandler" | |
| - "AddingNewEventArgs" | |
| - "ListChangedEventArgs" | |
| - "PropertyDescriptorCollection" | |
| - "ListSortDirection" | |
| - "PropertyChangedEventHandler" | |
| - "PropertyChangingEventHandler" | |
| - "AttributeCollection" | |
| - "TypeConverter" | |
| - "EventDescriptor" | |
| - "EventDescriptorCollection" | |
| - "MemberDescriptor" | |
| - "ListChangedType" | |
| - "PropertyChangedEventArgs" | |
| - "PropertyChangingEventArgs" | |
| - "ComponentConverter" | |
| - "ReferenceConverter" | |
| - "DefaultValueAttribute" | |
| - "DescriptionAttribute" | |
| - "TypeDescriptor" | |
| - "ITypeDescriptorContext" | |
| - namespace: "uncategorized" | |
| type_definitions: | |
| - "DebuggingModes" | |
| - "Enumerator" | |
| - "KeyCollection" | |
| - "ValueCollection" | |
| - "Enumerator" | |
| - "Enumerator" | |
| - "Enumerator" | |
| - namespace: "System.Dynamic" | |
| type_definitions: | |
| - "IDynamicMetaObjectProvider" | |
| - "DynamicMetaObject" | |
| - "GetMemberBinder" | |
| - "SetMemberBinder" | |
| - "BinaryOperationBinder" | |
| - "ConvertBinder" | |
| - "CreateInstanceBinder" | |
| - "DeleteIndexBinder" | |
| - "DeleteMemberBinder" | |
| - "GetIndexBinder" | |
| - "InvokeBinder" | |
| - "InvokeMemberBinder" | |
| - "SetIndexBinder" | |
| - "UnaryOperationBinder" | |
| - "DynamicMetaObjectBinder" | |
| - "BindingRestrictions" | |
| - "ExpandoObject" | |
| - namespace: "System.Collections.Generic" | |
| type_definitions: | |
| - "IEnumerable`1" | |
| - "IEqualityComparer`1" | |
| - "IList`1" | |
| - "ICollection`1" | |
| - "IDictionary`2" | |
| - "KeyValuePair`2" | |
| - "IEnumerator`1" | |
| - "List`1" | |
| - "Dictionary`2" | |
| - "Queue`1" | |
| - "Stack`1" | |
| - "KeyNotFoundException" | |
| - "Comparer`1" | |
| - "HashSet`1" | |
| - "IComparer`1" | |
| - "ISet`1" | |
| - "EqualityComparer`1" | |
| dot_net_guids: | |
| mvid: "6f204b2e-6ecf-4c20-bfc3-5ed4f70d7139" | |
| typelib_id: "aeb9a54c-831e-40b5-8579-ae9184b4f9f4" | |
| downloadable: true | |
| exiftool: | |
| AssemblyVersion: "18.6.4.1001" | |
| CharacterSet: "Unicode" | |
| CodeSize: "6716928" | |
| Comments: "Lineage Launcher" | |
| CompanyName: "NcSoft" | |
| EntryPoint: "0x669d9e" | |
| FileDescription: "Lineage Launcher" | |
| FileFlagsMask: "0x003f" | |
| FileOS: "Win32" | |
| FileSubtype: "0" | |
| FileType: "Win32 EXE" | |
| FileTypeExtension: "exe" | |
| FileVersion: "18.06.04.1001" | |
| FileVersionNumber: "18.6.4.1001" | |
| ImageFileCharacteristics: "Executable, No line numbers, No symbols, Large address aware, 32-bit" | |
| ImageVersion: "0.0" | |
| InitializedDataSize: "574464" | |
| InternalName: "Launcher.exe" | |
| LanguageCode: "Neutral" | |
| LegalCopyright: "Copyright (C) 2017 NCSOFT" | |
| LinkerVersion: "6.0" | |
| MIMEType: "application/octet-stream" | |
| MachineType: "Intel 386 or later, and compatibles" | |
| OSVersion: "4.0" | |
| ObjectFileType: "Executable application" | |
| OriginalFileName: "Launcher.exe" | |
| PEType: "PE32" | |
| ProductName: "Lineage Launcher Application" | |
| ProductVersion: "18.06.04.1001" | |
| ProductVersionNumber: "18.6.4.1001" | |
| Subsystem: "Windows GUI" | |
| SubsystemVersion: "4.0" | |
| TimeStamp: "2021:03:15 07:56:29+00:00" | |
| UninitializedDataSize: "0" | |
| first_submission_date: 1615806495 # 2021-03-15 11:08:15 +0000 GMT | |
| last_analysis_date: 1615806495 # 2021-03-15 11:08:15 +0000 GMT | |
| last_analysis_results: | |
| ALYac: | |
| category: "undetected" | |
| engine_name: "ALYac" | |
| engine_update: "20210315" | |
| engine_version: "1.1.3.1" | |
| method: "blacklist" | |
| APEX: | |
| category: "undetected" | |
| engine_name: "APEX" | |
| engine_update: "20210313" | |
| engine_version: "6.142" | |
| method: "blacklist" | |
| AVG: | |
| category: "malicious" | |
| engine_name: "AVG" | |
| engine_update: "20210315" | |
| engine_version: "21.1.5827.0" | |
| method: "blacklist" | |
| result: "Win32:Swrort-S [Trj]" | |
| Acronis: | |
| category: "undetected" | |
| engine_name: "Acronis" | |
| engine_update: "20210211" | |
| engine_version: "1.1.1.81" | |
| method: "blacklist" | |
| Ad-Aware: | |
| category: "undetected" | |
| engine_name: "Ad-Aware" | |
| engine_update: "20210315" | |
| engine_version: "3.0.16.117" | |
| method: "blacklist" | |
| AegisLab: | |
| category: "undetected" | |
| engine_name: "AegisLab" | |
| engine_update: "20210315" | |
| engine_version: "4.2" | |
| method: "blacklist" | |
| AhnLab-V3: | |
| category: "undetected" | |
| engine_name: "AhnLab-V3" | |
| engine_update: "20210315" | |
| engine_version: "3.19.5.10130" | |
| method: "blacklist" | |
| Alibaba: | |
| category: "undetected" | |
| engine_name: "Alibaba" | |
| engine_update: "20190527" | |
| engine_version: "0.3.0.5" | |
| method: "blacklist" | |
| Antiy-AVL: | |
| category: "undetected" | |
| engine_name: "Antiy-AVL" | |
| engine_update: "20210315" | |
| engine_version: "3.0.0.1" | |
| method: "blacklist" | |
| Arcabit: | |
| category: "undetected" | |
| engine_name: "Arcabit" | |
| engine_update: "20210315" | |
| engine_version: "1.0.0.881" | |
| method: "blacklist" | |
| Avast: | |
| category: "malicious" | |
| engine_name: "Avast" | |
| engine_update: "20210315" | |
| engine_version: "21.1.5827.0" | |
| method: "blacklist" | |
| result: "Win32:Swrort-S [Trj]" | |
| Avast-Mobile: | |
| category: "type-unsupported" | |
| engine_name: "Avast-Mobile" | |
| engine_update: "20210315" | |
| engine_version: "210315-02" | |
| method: "blacklist" | |
| Avira: | |
| category: "undetected" | |
| engine_name: "Avira" | |
| engine_update: "20210315" | |
| engine_version: "8.3.3.12" | |
| method: "blacklist" | |
| Baidu: | |
| category: "undetected" | |
| engine_name: "Baidu" | |
| engine_update: "20190318" | |
| engine_version: "1.0.0.2" | |
| method: "blacklist" | |
| BitDefender: | |
| category: "undetected" | |
| engine_name: "BitDefender" | |
| engine_update: "20210315" | |
| engine_version: "7.2" | |
| method: "blacklist" | |
| BitDefenderFalx: | |
| category: "type-unsupported" | |
| engine_name: "BitDefenderFalx" | |
| engine_update: "20200916" | |
| engine_version: "2.0.936" | |
| method: "blacklist" | |
| BitDefenderTheta: | |
| category: "undetected" | |
| engine_name: "BitDefenderTheta" | |
| engine_update: "20210304" | |
| engine_version: "7.2.37796.0" | |
| method: "blacklist" | |
| Bkav: | |
| category: "undetected" | |
| engine_name: "Bkav" | |
| engine_update: "20210315" | |
| engine_version: "1.3.0.9899" | |
| method: "blacklist" | |
| CAT-QuickHeal: | |
| category: "malicious" | |
| engine_name: "CAT-QuickHeal" | |
| engine_update: "20210315" | |
| engine_version: "14.00" | |
| method: "blacklist" | |
| result: "Trojan.YakbeexMSIL.ZZ4" | |
| CMC: | |
| category: "undetected" | |
| engine_name: "CMC" | |
| engine_update: "20210312" | |
| engine_version: "2.10.2019.1" | |
| method: "blacklist" | |
| ClamAV: | |
| category: "malicious" | |
| engine_name: "ClamAV" | |
| engine_update: "20210314" | |
| engine_version: "0.103.1.0" | |
| method: "blacklist" | |
| result: "Win.Trojan.MSShellcode-7" | |
| Comodo: | |
| category: "undetected" | |
| engine_name: "Comodo" | |
| engine_update: "20210315" | |
| engine_version: "33346" | |
| method: "blacklist" | |
| CrowdStrike: | |
| category: "undetected" | |
| engine_name: "CrowdStrike" | |
| engine_update: "20210203" | |
| engine_version: "1.0" | |
| method: "blacklist" | |
| Cybereason: | |
| category: "undetected" | |
| engine_name: "Cybereason" | |
| engine_update: "20210307" | |
| engine_version: "1.2.449" | |
| method: "blacklist" | |
| Cylance: | |
| category: "undetected" | |
| engine_name: "Cylance" | |
| engine_update: "20210315" | |
| engine_version: "2.3.1.101" | |
| method: "blacklist" | |
| Cynet: | |
| category: "undetected" | |
| engine_name: "Cynet" | |
| engine_update: "20210315" | |
| engine_version: "4.0.0.25" | |
| method: "blacklist" | |
| Cyren: | |
| category: "undetected" | |
| engine_name: "Cyren" | |
| engine_update: "20210315" | |
| engine_version: "6.3.0.2" | |
| method: "blacklist" | |
| DrWeb: | |
| category: "undetected" | |
| engine_name: "DrWeb" | |
| engine_update: "20210315" | |
| engine_version: "7.0.49.9080" | |
| method: "blacklist" | |
| ESET-NOD32: | |
| category: "undetected" | |
| engine_name: "ESET-NOD32" | |
| engine_update: "20210315" | |
| engine_version: "22966" | |
| method: "blacklist" | |
| Elastic: | |
| category: "undetected" | |
| engine_name: "Elastic" | |
| engine_update: "20210217" | |
| engine_version: "4.0.17" | |
| method: "blacklist" | |
| Emsisoft: | |
| category: "undetected" | |
| engine_name: "Emsisoft" | |
| engine_update: "20210315" | |
| engine_version: "2018.12.0.1641" | |
| method: "blacklist" | |
| F-Secure: | |
| category: "undetected" | |
| engine_name: "F-Secure" | |
| engine_update: "20210315" | |
| engine_version: "12.0.86.52" | |
| method: "blacklist" | |
| FireEye: | |
| category: "undetected" | |
| engine_name: "FireEye" | |
| engine_update: "20210315" | |
| engine_version: "32.44.1.0" | |
| method: "blacklist" | |
| Fortinet: | |
| category: "undetected" | |
| engine_name: "Fortinet" | |
| engine_update: "20210315" | |
| engine_version: "6.2.142.0" | |
| method: "blacklist" | |
| GData: | |
| category: "undetected" | |
| engine_name: "GData" | |
| engine_update: "20210315" | |
| engine_version: "A:25.28949B:27.22295" | |
| method: "blacklist" | |
| Gridinsoft: | |
| category: "undetected" | |
| engine_name: "Gridinsoft" | |
| engine_update: "20210315" | |
| engine_version: "1.0.31.122" | |
| method: "blacklist" | |
| Ikarus: | |
| category: "undetected" | |
| engine_name: "Ikarus" | |
| engine_update: "20210315" | |
| engine_version: "0.1.5.2" | |
| method: "blacklist" | |
| K7AntiVirus: | |
| category: "undetected" | |
| engine_name: "K7AntiVirus" | |
| engine_update: "20210315" | |
| engine_version: "11.169.36706" | |
| method: "blacklist" | |
| K7GW: | |
| category: "undetected" | |
| engine_name: "K7GW" | |
| engine_update: "20210315" | |
| engine_version: "11.169.36706" | |
| method: "blacklist" | |
| Kaspersky: | |
| category: "undetected" | |
| engine_name: "Kaspersky" | |
| engine_update: "20210315" | |
| engine_version: "15.0.1.13" | |
| method: "blacklist" | |
| Kingsoft: | |
| category: "undetected" | |
| engine_name: "Kingsoft" | |
| engine_update: "20210315" | |
| engine_version: "2017.9.26.565" | |
| method: "blacklist" | |
| MAX: | |
| category: "undetected" | |
| engine_name: "MAX" | |
| engine_update: "20210315" | |
| engine_version: "2019.9.16.1" | |
| method: "blacklist" | |
| Malwarebytes: | |
| category: "undetected" | |
| engine_name: "Malwarebytes" | |
| engine_update: "20210315" | |
| engine_version: "4.2.1.18" | |
| method: "blacklist" | |
| MaxSecure: | |
| category: "undetected" | |
| engine_name: "MaxSecure" | |
| engine_update: "20210306" | |
| engine_version: "1.0.0.1" | |
| method: "blacklist" | |
| McAfee: | |
| category: "undetected" | |
| engine_name: "McAfee" | |
| engine_update: "20210315" | |
| engine_version: "6.0.6.653" | |
| method: "blacklist" | |
| McAfee-GW-Edition: | |
| category: "undetected" | |
| engine_name: "McAfee-GW-Edition" | |
| engine_update: "20210315" | |
| engine_version: "v2019.1.2+3728" | |
| method: "blacklist" | |
| MicroWorld-eScan: | |
| category: "undetected" | |
| engine_name: "MicroWorld-eScan" | |
| engine_update: "20210315" | |
| engine_version: "14.0.409.0" | |
| method: "blacklist" | |
| Microsoft: | |
| category: "malicious" | |
| engine_name: "Microsoft" | |
| engine_update: "20210315" | |
| engine_version: "1.1.17900.7" | |
| method: "blacklist" | |
| result: "Trojan:Win32/Meterpreter.O" | |
| NANO-Antivirus: | |
| category: "undetected" | |
| engine_name: "NANO-Antivirus" | |
| engine_update: "20210315" | |
| engine_version: "1.0.146.25265" | |
| method: "blacklist" | |
| Paloalto: | |
| category: "undetected" | |
| engine_name: "Paloalto" | |
| engine_update: "20210315" | |
| engine_version: "1.0" | |
| method: "blacklist" | |
| Panda: | |
| category: "undetected" | |
| engine_name: "Panda" | |
| engine_update: "20210315" | |
| engine_version: "4.6.4.2" | |
| method: "blacklist" | |
| Qihoo-360: | |
| category: "undetected" | |
| engine_name: "Qihoo-360" | |
| engine_update: "20210315" | |
| engine_version: "1.0.0.1120" | |
| method: "blacklist" | |
| Rising: | |
| category: "undetected" | |
| engine_name: "Rising" | |
| engine_update: "20210315" | |
| engine_version: "25.0.0.26" | |
| method: "blacklist" | |
| SUPERAntiSpyware: | |
| category: "undetected" | |
| engine_name: "SUPERAntiSpyware" | |
| engine_update: "20210312" | |
| engine_version: "5.6.0.1032" | |
| method: "blacklist" | |
| Sangfor: | |
| category: "malicious" | |
| engine_name: "Sangfor" | |
| engine_update: "20210315" | |
| engine_version: "2.9.0.0" | |
| method: "blacklist" | |
| result: "Trojan.Win32.Save.a" | |
| SentinelOne: | |
| category: "undetected" | |
| engine_name: "SentinelOne" | |
| engine_update: "20210215" | |
| engine_version: "5.0.0.20" | |
| method: "blacklist" | |
| Sophos: | |
| category: "undetected" | |
| engine_name: "Sophos" | |
| engine_update: "20210315" | |
| engine_version: "1.0.2.0" | |
| method: "blacklist" | |
| SymantecMobileInsight: | |
| category: "type-unsupported" | |
| engine_name: "SymantecMobileInsight" | |
| engine_update: "20210126" | |
| engine_version: "2.0" | |
| method: "blacklist" | |
| TACHYON: | |
| category: "undetected" | |
| engine_name: "TACHYON" | |
| engine_update: "20210315" | |
| engine_version: "2021-03-15.02" | |
| method: "blacklist" | |
| Tencent: | |
| category: "undetected" | |
| engine_name: "Tencent" | |
| engine_update: "20210315" | |
| engine_version: "1.0.0.1" | |
| method: "blacklist" | |
| Trapmine: | |
| category: "type-unsupported" | |
| engine_name: "Trapmine" | |
| engine_update: "20200727" | |
| engine_version: "3.5.0.1023" | |
| method: "blacklist" | |
| TrendMicro: | |
| category: "undetected" | |
| engine_name: "TrendMicro" | |
| engine_update: "20210315" | |
| engine_version: "11.0.0.1006" | |
| method: "blacklist" | |
| TrendMicro-HouseCall: | |
| category: "undetected" | |
| engine_name: "TrendMicro-HouseCall" | |
| engine_update: "20210315" | |
| engine_version: "10.0.0.1040" | |
| method: "blacklist" | |
| Trustlook: | |
| category: "type-unsupported" | |
| engine_name: "Trustlook" | |
| engine_update: "20210315" | |
| engine_version: "1.0" | |
| method: "blacklist" | |
| VBA32: | |
| category: "undetected" | |
| engine_name: "VBA32" | |
| engine_update: "20210315" | |
| engine_version: "4.4.1" | |
| method: "blacklist" | |
| VIPRE: | |
| category: "undetected" | |
| engine_name: "VIPRE" | |
| engine_update: "20210315" | |
| engine_version: "91100" | |
| method: "blacklist" | |
| ViRobot: | |
| category: "undetected" | |
| engine_name: "ViRobot" | |
| engine_update: "20210315" | |
| engine_version: "2014.3.20.0" | |
| method: "blacklist" | |
| Webroot: | |
| category: "undetected" | |
| engine_name: "Webroot" | |
| engine_update: "20210315" | |
| engine_version: "1.0.0.403" | |
| method: "blacklist" | |
| Yandex: | |
| category: "undetected" | |
| engine_name: "Yandex" | |
| engine_update: "20210313" | |
| engine_version: "5.5.2.24" | |
| method: "blacklist" | |
| Zillya: | |
| category: "undetected" | |
| engine_name: "Zillya" | |
| engine_update: "20210312" | |
| engine_version: "2.0.0.4315" | |
| method: "blacklist" | |
| ZoneAlarm: | |
| category: "undetected" | |
| engine_name: "ZoneAlarm" | |
| engine_update: "20210315" | |
| engine_version: "1.0" | |
| method: "blacklist" | |
| Zoner: | |
| category: "undetected" | |
| engine_name: "Zoner" | |
| engine_update: "20210314" | |
| engine_version: "0.0.0.0" | |
| method: "blacklist" | |
| eGambit: | |
| category: "undetected" | |
| engine_name: "eGambit" | |
| engine_update: "20210315" | |
| method: "blacklist" | |
| last_analysis_stats: | |
| confirmed-timeout: 0 | |
| failure: 0 | |
| harmless: 0 | |
| malicious: 6 | |
| suspicious: 0 | |
| timeout: 0 | |
| type-unsupported: 5 | |
| undetected: 62 | |
| last_modification_date: 1615813754 # 2021-03-15 13:09:14 +0000 GMT | |
| last_submission_date: 1615806495 # 2021-03-15 11:08:15 +0000 GMT | |
| magic: "PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly" | |
| main_icon: | |
| dhash: "ccac99123470720d" | |
| raw_md5: "eae9299517c579c06afe7c8462826823" | |
| md5: "f26d9dc4f9b53e47373f300cf2561c81" | |
| meaningful_name: "Launcher.exe" | |
| names: | |
| - "tfile.exe" | |
| - "Launcher.exe" | |
| packers: | |
| PEiD: ".NET executable" | |
| pe_info: | |
| debug: | |
| - codeview: | |
| age: 1 | |
| guid: "f12ba580-c920-4e3f-b93b-8c7dec810766" | |
| name: "Launcher.pdb" | |
| signature: "RSDS" | |
| offset: 6717733 | |
| size: 37 | |
| timestamp: "Thu Jan 1 00:00:00 1970" | |
| type: 2 | |
| type_str: "IMAGE_DEBUG_TYPE_CODEVIEW" | |
| entry_point: 6725022 | |
| imphash: "f34d5f2d4577ed6d9ceec516c1f5a744" | |
| import_list: | |
| - imported_functions: | |
| - "_CorExeMain" | |
| library_name: "mscoree.dll" | |
| machine_type: 332 | |
| overlay: | |
| chi2: 1776.063232421875 | |
| entropy: 7.215825080871582 | |
| filetype: "Data" | |
| md5: "565fb7fa130ffa33b5d031a1af9819a5" | |
| offset: 7292416 | |
| size: 968 | |
| resource_details: | |
| - chi2: 16507.41015625 | |
| entropy: 5.498626232147217 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "fc7eb43598427e7c8830eac1443be14a9487e9427a695775c1bf525b435fb808" | |
| type: "RT_ICON" | |
| - chi2: 38458.09765625 | |
| entropy: 5.5473809242248535 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "ed60172834fecd5632bc4347e3e67848fba070f7e1f59d5ca38925ef6d31f400" | |
| type: "RT_ICON" | |
| - chi2: 73591.0078125 | |
| entropy: 5.428617477416992 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "063944d4929f94da2b97e84c5982a309207fb5a28a1e07f4c7b63dd9f5858f6b" | |
| type: "RT_ICON" | |
| - chi2: 171863.703125 | |
| entropy: 5.394334316253662 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "0a13b97189991c421cb6a975cafaebb73b02e2307cc5940d41abcad3c74cfcd0" | |
| type: "RT_ICON" | |
| - chi2: 318570.71875 | |
| entropy: 5.313435077667236 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "60a342ea350e7ce154b5cf64aa67620e82375267b1dc5dce49ad9cfc58ec930a" | |
| type: "RT_ICON" | |
| - chi2: 728824.625 | |
| entropy: 5.299143314361572 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "a5a9f54ab9c27d8d04fb7d0f0fdfef2f40f3180f98833834d52a37432147c122" | |
| type: "RT_ICON" | |
| - chi2: 1356364.75 | |
| entropy: 5.226292610168457 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "6ebc8bced31a6287bed6b1d59ce6ef4411959d9c42949816b251dc2d63e26a16" | |
| type: "RT_ICON" | |
| - chi2: 3024560.0 | |
| entropy: 5.239337921142578 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "e3dee66d9dc11a282889632effe8fea50d5c7077c6634a8ddc29a88306f90ac9" | |
| type: "RT_ICON" | |
| - chi2: 5724253.0 | |
| entropy: 5.109508514404297 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "692ac111883a16ecf111e52b4fc3c93034774a8dcc604ef96d26b8f0bbbe0f40" | |
| type: "RT_ICON" | |
| - chi2: 9056.8486328125 | |
| entropy: 3.044480800628662 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "2a87b1f32c5d0435090c72c392b75394f706e5750eff64fd85d25e1c622ee581" | |
| type: "RT_GROUP_ICON" | |
| - chi2: 75012.703125 | |
| entropy: 3.438354253768921 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "72bf7800d9c9f8a3d4d32e232de3a48c915a6e42d682cd8a65ee1946ac0fb727" | |
| type: "RT_VERSION" | |
| - chi2: 28294.50390625 | |
| entropy: 5.817731857299805 | |
| filetype: "Data" | |
| lang: "NEUTRAL" | |
| sha256: "8b5d8d134f33bc17527e9c9b3cf292c862aa21816b5a2def575e32a59eb6838b" | |
| type: "RT_MANIFEST" | |
| resource_langs: | |
| NEUTRAL: 12 | |
| resource_types: | |
| RT_GROUP_ICON: 1 | |
| RT_ICON: 9 | |
| RT_MANIFEST: 1 | |
| RT_VERSION: 1 | |
| sections: | |
| - chi2: 10432703.0 | |
| entropy: 7.63 | |
| flags: "rx" | |
| md5: "19ef42bc4096ccaa0884faa748b50669" | |
| name: ".text" | |
| raw_size: 6716928 | |
| virtual_address: 8192 | |
| virtual_size: 6716836 | |
| - chi2: 1529.91 | |
| entropy: 7.9 | |
| flags: "rw" | |
| md5: "24ea92c0dd5b3c3cdb9859b671ff9ea7" | |
| name: ".sdata" | |
| raw_size: 6144 | |
| virtual_address: 6725632 | |
| virtual_size: 6016 | |
| - chi2: 11354008.0 | |
| entropy: 5.23 | |
| flags: "r" | |
| md5: "2f4867eab66351dd179155d265fc757e" | |
| name: ".rsrc" | |
| raw_size: 567808 | |
| virtual_address: 6733824 | |
| virtual_size: 567720 | |
| - chi2: 128015.0 | |
| entropy: 0.1 | |
| flags: "r" | |
| md5: "f43da07e583f26f728ee3b0f693134ef" | |
| name: ".reloc" | |
| raw_size: 512 | |
| virtual_address: 7307264 | |
| virtual_size: 12 | |
| timestamp: 1615794989 | |
| popular_threat_classification: | |
| popular_threat_category: | |
| - - "trojan" | |
| - 4 | |
| popular_threat_name: | |
| - - "swrort" | |
| - 2 | |
| suggested_threat_label: "trojan.swrort" | |
| reputation: 0 | |
| sha1: "eb4958183e32f731a846242a0cebfe4d041ef745" | |
| sha256: "07720ce506b5cf4ecb1b276f673c4dcc7c1c2bb0c145e2eca4b1d5a3f9abcfb5" | |
| sigma_analysis_stats: | |
| critical: 2 | |
| high: 2 | |
| low: 2 | |
| medium: 0 | |
| sigma_analysis_summary: | |
| Sigma Integrated Rule Set (GitHub): | |
| critical: 2 | |
| high: 2 | |
| low: 2 | |
| medium: 0 | |
| signature_info: | |
| comments: "Lineage Launcher" | |
| copyright: "Copyright (C) 2017 NCSOFT" | |
| description: "Lineage Launcher" | |
| file version: "18.06.04.1001" | |
| internal name: "Launcher.exe" | |
| original name: "Launcher.exe" | |
| product: "Lineage Launcher Application" | |
| signers: "NCSOFT Corporation" | |
| signers details: | |
| - algorithm: "md5RSA" | |
| cert issuer: "NCSOFT Corporation" | |
| name: "NCSOFT Corporation" | |
| serial number: "4D C4 5B 52 89 4B 67 A5 46 E1 09 C3 BE 60 1F ED" | |
| status: "The certificate or certificate chain is based on an untrusted root." | |
| thumbprint: "2D60706156F521DE702A6CED83D022D7DA2DFA32" | |
| valid from: "06:46 PM 09/26/2020" | |
| valid to: "11:59 PM 12/31/2039" | |
| valid usage: "All" | |
| signing date: "11:08 AM 03/15/2021" | |
| verified: "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider." | |
| x509: | |
| - algorithm: "md5RSA" | |
| cert issuer: "NCSOFT Corporation" | |
| name: "NCSOFT Corporation" | |
| serial number: "4D C4 5B 52 89 4B 67 A5 46 E1 09 C3 BE 60 1F ED" | |
| thumbprint: "2D60706156F521DE702A6CED83D022D7DA2DFA32" | |
| valid from: "2020-09-26 18:46:11" | |
| valid to: "2039-12-31 23:59:59" | |
| size: 7293384 | |
| ssdeep: "98304:y41m3dGYHZMkhGyY6659zAj4SXHZMkhGyY6659zAj4SXHZMkhGyY6659zAj4STl4:V1gYk1GXz+/J1GXz+/J1GXz+/tk" | |
| tags: | |
| - "invalid-signature" | |
| - "peexe" | |
| - "assembly" | |
| - "signed" | |
| - "overlay" | |
| - "direct-cpu-clock-access" | |
| - "checks-network-adapters" | |
| - "detect-debug-environment" | |
| - "runtime-modules" | |
| times_submitted: 1 | |
| tlsh: "T17B768CD93384FDAFC74B967EDDD43F14867169E20B3BE706C4432AAA492D7829E80153" | |
| total_votes: | |
| harmless: 0 | |
| malicious: 0 | |
| trid: | |
| - file_type: "Generic CIL Executable (.NET, Mono, etc.)" | |
| probability: 47.4 | |
| - file_type: "Win32 Executable MS Visual C++ (generic)" | |
| probability: 20.2 | |
| - file_type: "Windows screen saver" | |
| probability: 8.4 | |
| - file_type: "Win64 Executable (generic)" | |
| probability: 6.8 | |
| - file_type: "Win16 NE executable (generic)" | |
| probability: 4.5 | |
| type_description: "Win32 EXE" | |
| type_extension: "exe" | |
| type_tag: "peexe" | |
| unique_sources: 1 | |
| vhash: "2760467d75551ff05d69ffff19b9eff" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment