├── README.md ├── graph theory&&Threat Intelligence ├── .DS_Store ├── .ipynb_checkpoints │ └── Demo-checkpoint.ipynb ├── Demo.ipynb └── data │ ├── 0000B30E32A75268086FF0BA4B59DAD8.json │ ├── 00fb52e38c1aa7c9bdb76018a24e594f974278c7.json │ ├── 013a4a892b6dd8e0f639c7aa97e5a13695a6faf5.json │ ├── 0207bceaad84356e63bae0084a616dc3.json │ ├── 0217c26baf4794a019c962e1e2e490410bc033a0.json │ ├── 025704d45b7456e511db427881377659.json │ ├── 02a52d3f2d97f6052a5a0f5524e2f193657136f7.json │ ├── 03c96dd5f291dcd59bcc5166e387b9fb.json │ ├── 0425381366c15289acfb798cae4ffb4e.json │ ├── 057f4b810ef6586445ce6b42d75175e1f0e78d5b.json │ ├── 05be7b7f47be2b7f9ddabbe45aa40a0c.json │ ├── 062139320d7c613b2d1359ec1e7582e6bbb829c3.json │ ├── 065ENPU2.VIR.json │ ├── 0701b85341f1021e77f2872168e37863.json │ ├── 0748e867bace63ab27228de6e4de82cca0256412.bin.json │ ├── 08d52db4523a2ab1f09d9f55a5f9e347.json │ ├── 0929350099a545b0c6b2ba0302b23542.json │ ├── 0929c6ff1cadc87dcb8ea058928d38dd.json │ ├── 09947AA283B195722C74222171FD540971200BC41D58E6931D7DCDD8E3CE8433.json │ ├── 09e2d024c83c8095b478214038a756c5.json │ ├── 09f0402f6bd99a8b39de29aedcca704deada057e.json │ ├── 0HAML352.VIR.json │ ├── 0LVD7FUB.VIR.json │ ├── 0a023357abb3c183f8b69a821fede23ca33a87b6.json │ ├── 0a04a417b42ef700721752b56dd5e8e7.json │ ├── 0a228f6e08cdc9282985d6cc64c674f0.json │ ├── 0a24d6c22ee4c99a374eb821eca1ddd76f55093f.json │ ├── 0a38173d9aa999a2f50907217b3235de5817624b.json │ ├── 0a4a48efc9f0f030ae9cfc6cf048059cebd73d00.json │ ├── 0a52afb9da7cec92759ae1532aa543774acb899e.json │ ├── 0a6375bce54c4708827638f204a2e4c39a1a8ea6.json │ ├── 0a7bbed991bbc8ff7231e3d47040552a0c2a702f.json │ ├── 0a7f68898ab839fc367e547ee514d32ec2dfa79f.json │ ├── 0a833b39c9fc494e6596428a08e7a816e309d5a3.json │ ├── 0a87efc035ee2dd769a5592f5f4439d5b15593aa.json │ ├── 0a8a264a86f32d79242cd7e53414ebc564c38aac.json │ ├── 0a90d231b792a9ef38f49afcec14c391d1a7970c.json │ ├── 0a9626d40bbfbcf7af04d5e2081c5715d8863356.json │ ├── 0a9c4e2b056ad33255091f0e081a2ea0b35da77b.json │ ├── 0ad2f2a087b9a6841009c5885dec9149850bb5eb.json │ ├── 0ba81ed45a9cfd1dfcc9941fbe349b3b1eb81fde.json │ ├── 0c04e3f1dc739141309da1c51bbeb232f7cf880d.json │ ├── 0c548ed4263428a6e5310170026b52f01f359bb4.json │ ├── 0cafdc4b5a41a5c0e962800076b825838ac40a11.json │ ├── 0d2c8ef5aec0f3668628d770ce073103160e8a22.json │ ├── 0e91bd487b28e50789fffc2a7171d02971e55e63.json │ ├── 1032328C0FFF902D2FE34BB6840C6E511568F05F12719B4D8C26B79350AA99C0.json │ ├── 10b0a50582f8823b49f563294964ea8ec188da84.json │ ├── 11f0a3e2a871e27a46cb92b497c566cd.json │ ├── 142cb62af31f7ddbc1bee38a097b08b9cea4ad30.json │ ├── 14c46b09bc2e5109bba5442811d047c267f6cecc.json │ ├── 16b632b4076a458b6e2087d64a42764d86b5b021.json │ ├── 172dd8674afb1582b8d1e09ccfb50fa0a86754a1.json │ ├── 180ce288221c461caf65f9cd5935d7d784925cbe.json │ ├── 18687e1c15af45b295599aa1e8963c2b479bb101.json │ ├── 1887facce6b1c91c25624774d37502e3.json │ ├── 189A846C55D8B97932FDF0E5BED07A17C0EDCFE50B74110129D36E85B20F4267.json │ ├── 1900116f73ca48933b1aa4099d65eeb4b90a76df.json │ ├── 1971cbe79219396af83bf49acfef0ea367fc58d6.json │ ├── 1975f52664eb4fd946f3a03e7dc6731a.json │ ├── 1F92DF2618BCD699F598D8CCF15A3218ECC5CD0E454D3A1C12BAB6A8EB037A41.json │ ├── 1a3bd916aa27d473c6412234e65a39cd4012d45f.json │ ├── 1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89.json │ ├── 1bc8480c07a91859295d533d68d03c187dcbd640.json │ ├── 1c067473cbc7be027217bc51df305567.json │ ├── 1d78db6fe73dacfd3d683a4c89e4fb07.json │ ├── 1dc91d4be2e1e359f2e4e190b92e6d096f501813.json │ ├── 1e37d2e64910ff2b8224a2f8279a57093b5ebead.json │ ├── 212211506852b13286aed71279c532ed715a454e.json │ ├── 222bd94810e8c81e7c3edbb3e41d7bc8.json │ ├── 243f2099425454f11a759eee75a0069929e2cfd8.json │ ├── 26316109487b1254534454887dfbc22c0d917a69.json │ ├── 26588408097316d7b0adfdb664bf4db1b0eace10.json │ ├── 272a5822a90b82bcea6e2bc0d8908e408ce9c460.json │ ├── 27414b673636d1b34052a055bf1fa6930a604a95.json │ ├── 276e68a897e814a09971c4eef10a7fad4b2caf4d.json │ ├── 277a41e541577a7766d894ba00e9f922ed4f979c.json │ ├── 279ddd1f8a5009ef2c081043f4931c3d44724c66.json │ ├── 2900edbd47870154429d3274050e2ec2a67fe0c6.json │ ├── 2901fea848a16545885864001ff101d9526e8258.json │ ├── 29804cb689f1949e5f127378351f72fada48c1e0.json │ ├── 2a0291a0d7627cff879fbdcb5953bd64.json │ ├── 2c9177ad277aee20236507cd386e269acfbc2e34.json │ ├── 2e2b1a83b7a1775b42df8581b253acbe.json │ ├── 2e6fddc4ab65be4d6058547ac526ab57495ddf67.json │ ├── 2ecf1a3b97d9c869f6afce39d7821cc879368236.json │ ├── 2ef79ba9cd870e225ebd70725eb35a661dcb5b69.json │ ├── 2f29b72ca2a488ce2442439644e62ae922cd672f.bin.json │ ├── 2ff306817e87ba669700481a7e218a64055896dd.json │ ├── 3084f99a2c72573166e84ae240c76d0b48e7dc20.json │ ├── 30c417437b2f7f26b8293079ef1cf0d7918e4983.json │ ├── 3152bc25a648b7235974f07b4690cdb421c55e25.json │ ├── 332f126ecd8c35c1d2811870987dba1f925d0adb.json │ ├── 33460a8f849550267910b7893f0867afe55a5a24452d538f796d9674e629acc4.json │ ├── 33ad0b622f28b43260a8dd99cebc240c.ht_.json │ ├── 33e7f0ae0cab615738b13324f1313211.json │ ├── 3427c1c4eb62bb6a159685bdd55732a670ad8796.json │ ├── 3458198d4871cbd3fb25129cea566f2331e7438e.json │ ├── 346376df45459e45c4e1ea0c4d0e7fa821ba3dc6.bin.json │ ├── 3479ad16a1ac3a08e70dd04603c61a18f7860f32.json │ ├── 34935f6a08799896355fd0a80231b25dad59db41.json │ ├── 34aa340935832918eeb51eef06e1b448b3ed895e.json │ ├── 34bc92225e8559fcf9d812980e9148b23655f387.json │ ├── 3504272badbf9b6c1802b0b3132dd02b5c781b8b.json │ ├── 35820e204fe1644a7ec9160ff1065ee0d7597525.json │ ├── 3695193896b40f9c34ae1401c28e78e9.json │ ├── 36b11b6e0d082e51c2be7a9b553e7011a56eb4d1.json │ ├── 37550eba46987e9efef4bd20b2ba1ce4669f4b30.json │ ├── 3786556e91186f24188688438c99e3108b6352a3.json │ ├── 380116dd476e388999c3835e347a160780883799.json │ ├── 385798ca82626eb399ceb3bc965e5ab3eb49502d.json │ ├── 3a13d31442038e0abd4f48e0c1d1a4fa8cbf3d99.json │ ├── 3b1f75b2772df0f65b54877678416c1ed27dd706.json │ ├── 3b27600608432aa0e15203d40f6b4a3374d67941.json │ ├── 3b3119798c33ca67aeaa396f97a1e115b17b1789.json │ ├── 3bfb068e900693effafc0101157abd58e98beb17.json │ ├── 3c998ceb37b3db2b752d47a3a997d9a46e01946c.json │ ├── 3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d.json │ ├── 3dcd7d473a776224c562c9b998db6c79.json │ ├── 3df2a4b6b82ab5a7f11092b8da74a15db1bab614.json │ ├── 3eb8a9866b3759bf6a3a8ab2474405f5.json │ ├── 400122926ee4751a493dbfbcab1f95128f68ff52.json │ ├── 4001b79446495905acd405991c22b34963089905.json │ ├── 4181cba9401699521c298a5d7d541c0c.bin.json │ ├── 41f9bb321a0fac15b712da604bc68574.json │ ├── 422e369818e19adf22311721604f8908c83873c1.json │ ├── 427bd4675b3afa70e949051352594b8aae4fbca7.json │ ├── 4358726c452420dc7a25c1acb4ef7620.bin.json │ ├── 437f96944625814071e52a3acf4ea2d30255758c.json │ ├── 43b0e29ad978434084034ca01978870605dc8748.json │ ├── 43de0e1ba70e0ea0f0ca180e040913ee6eb61c53.json │ ├── 43e338d3f35840f5a2a895a4328c9a1d00e84aff.json │ ├── 4633c8e47d0ec78033477b9a8bffaaedbe3bd62e.json │ ├── 476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8.json │ ├── 486947c984831b28cb4f58e332dbcdffbb1d0fdc.json │ ├── 48e87214393dfd697ed81cbb00a3f0caa5466e08.bin.json │ ├── 4WIDR8UD.VIR.json │ ├── 4a286e354c01441fbe5313e959f653cf.json │ ├── 4ba444d4f6fae6436cc644926c047d192c15cae9.json │ ├── 4c18a894b9bf162d8f661c293f0551a6.exe.json │ ├── 4ca25c677ebd9278f893cfaf2173c83a23ae751a.json │ ├── 4d19a426bb64767b44f2ecea7dcf67bad7e38854.json │ ├── 4d2c148a6b8378aae6fd43113ff74eab.json │ ├── 4ea6273640b88340503e0e52c37cc6ef.json │ ├── 4ecfab9fb50ed27cf8aec39c4a7dd25e.json │ ├── 4f556a60e217594ea517b3db940e7e25.bin.json │ ├── 4fa26c69c7bf87cba26b27030465a284.json │ ├── 50298fc7781d742903e5deadb3d8611c.json │ ├── 5067530f26b76888027dc7deb74f735e08544f14.json │ ├── 50742dfb52f31cc888886e1c86bc23a1.exe.json │ ├── 50742dfb52f31cc888886e1c86bc23a1.json │ ├── 50e4324ed17d26a2413f397365eb25c9c6cc3a35.json │ ├── 520745bc17645303e08c58c5494af576.json │ ├── 5216d9d37651692b894a8c54e57a22e647690962.json │ ├── 521dacb101cf63657d678649d1cc4f275d164258.json │ ├── 531-01_01.exe.json │ ├── 5473619c9327af4ec0573e0d119615edc5a36167.json │ ├── 54793817a7fb69d2a9a332eaabe49080.json │ ├── 549989483e0736dc58d38543eec2d0a7b4470a91.json │ ├── 555359b2857434d5281462e053942cfede014805.json │ ├── 559e3f3f9637988a698c36ed3c75547a.json │ ├── 5761484fd425b7b65dc84ffea40fe528f66cae2f.json │ ├── 586b41eec6360ede063760d878b164623665ce8c.json │ ├── 5919fe4d7b0d58af8316729e4c015b22ccc0d936.json │ ├── 59851d6bd8035a72c7563c53a686f764.json │ ├── 59afb5216f86ce53fada412628fb7f90ca4c2aa7.bin.json │ ├── 5ac60ea7d96f6fe81b82eadcc77e1bac9f6d4739.json │ ├── 5bf07a86df51ea86896060d91b344686c75512b0.json │ ├── 5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562.json │ ├── 5e14635b19b2badd958facbcab3e5a48.json │ ├── 5f36169887350ee7c0e18380980e90df.json │ ├── 5f567ae1ebe4f292a7a54243f7c15ddd.json │ ├── 5fa7b03cb11d48d20292b2e7cac6d627.json │ ├── 6002e683522fcac79e291c5e380d0a05df5fdaca.json │ ├── 6011357c91e9acf8f2991b52999dd825a84dd4cb.json │ ├── 609e04e878ee87f12e4fa20cc074031b575a4b9c.json │ ├── 60cb0fba6afeec14bf52e67f364ce220f5434e56.json │ ├── 617e63c8ca2ad43b762e00c4964fcf078d0ad56e.json │ ├── 61e6d6ae9041aa7a443363f464ab97976c02f743.json │ ├── 626f0accd31f7003c59388f437ca89ee4d8e247f.json │ ├── 629d4e44eba8b829ebfe8b937afd9bcc1739336c.json │ ├── 632dd46480b5ffff73b35dd037126e7dd29f9fbb.json │ ├── 644fa3bea5835e10c95fcc5f62e44735d9266ee5.json │ ├── 654c0e447eb233d3fd858fec90f28165.json │ ├── 658720183ce164c2db557e448fde737dad14136f.json │ ├── 658d228f263fabd837566844612affe20e08eae4.json │ ├── 6611dd67a8e8f10ff5151516eebbaeb44d3c60bf.json │ ├── 677ebe0bf0d5aa226080ddcf5693d82101b7550b.json │ ├── 67c486e4f661d1d233544c265cf0f683.json │ ├── 68bee1b6920dc22cb1daf11492d56a72.json │ ├── 692a7ec33ce13d94d8f6d9f54d82463da4a546c7.json │ ├── 69dac2040b1faa9dbaa06998f375e7d1.json │ ├── 6DSS92c31Apgjk.exe.json │ ├── 6RTN2FTC.VIR.json │ ├── 6a5ac414c1c558594ea785064b1c02c8.json │ ├── 6c36f38ec83513b8098306b4df97530d.json │ ├── 6d5356f3d0834407454ecbf4326b574f9ea33d77.json │ ├── 6d6b9f16494bc5116a49b0818ba40dcacd6537e6.json │ ├── 6ef2fd6addfc9e698c1b4b65a02a929e234b26fb.json │ ├── 6f1e66b663e3ec442b96e0669231a752acf79649.json │ ├── 706eccdf76a476e276747e39c4550c7b0d7e8dc9.json │ ├── 7093afb92e2c4e81a6523f489837d82d.json │ ├── 713a270e3b52d363a0b1a1eda2780eb1fb5ee5b2.json │ ├── 724554dab8852b4dffb51b0626bf451b.json │ ├── 738358397df47c616763f9001dcde97f01bef493.json │ ├── 7500c0fc019f54e91ec23be3955ab42809c77a66.json │ ├── 7564c3435c98c784c7f106fd11fd20be1f8ca42f.json │ ├── 7566a5894d0f58c8b12e406a470e6ea572728cd1.json │ ├── 76c593d15428b727418771351dae9a97cdef9c1d.json │ ├── 773f48f33d7f10fb060247b3cffb4ae6.json │ ├── 77c821d85bf81cea295a510fd27c3fbfac071260.json │ ├── 77d950cb76750735975a06ede51705aa94cbebb6.bin.json │ ├── 79086717a20c8be4cf12c9503150db74513394bf.json │ ├── 7a6cafe71de8568eb144620d497b0b25.exe.json │ ├── 7be65d65446b4eaba91dab4fedca73033aaa4cd3.bin.json │ ├── 7c09de00d060ddb454baa8af953910e3.json │ ├── 7c52098cd6575e87618a817be25d0ae1582344cb.json │ ├── 7d670044d867478b08e74e8f89733b4f.json │ ├── 7de47ffab1894b6a329c316c5a1d34f7318c774f.json │ ├── 8156801f3463e0edafc1fde32656debaf10bf9f2.json │ ├── 81e867015474685f97df8984f511bab4.json │ ├── 826c1e0f53edc03afec17a4551d4e881d7e7acff.json │ ├── 839ea24c02087aba7fb3913e11c8a4a6.json │ ├── 840e9f12d553aa97025aa3d498d3f747.bin.json │ ├── 846400271c575bd7f1a6b2de198cb502da1d4900.json │ ├── 846804aacf2498eb681de530c9e5867d942b7112.json │ ├── 84892320d4bcd312b03e7b6aa71fd67b.json │ ├── 8496eca144c3cc33baec161869bb569c560e1b1b.json │ ├── 84PJN990.VIR.json │ ├── 84b0a1fd7b24dcc6e0c8988b413b8c8c4a2167bd.json │ ├── 8601881b4fab17b5c471f7a9eef804e21b05d24f.json │ ├── 865e5cf05c8ff5ebc33d9d68f2ead5c2982d22ed.json │ ├── 86f20396ccf48c2f11cb06ca43ca07f11da3a7b3.json │ ├── 8773f4645b534c399e785cfb04dad87733d19d76.json │ ├── 878829f83fee6e4ec08e507051786e3c.json │ ├── 888894ec4d0fddc60f6ae76204e89b66.json │ ├── 88BB1ED51A2B5E71FB95E41A2A7274F4A7F2F6126FA65CF89EEE5D4CFC5F20FF.json │ ├── 895944ed82726eebc5f5df4d977608e21d8f93fa.json │ ├── 8995535721ebeaf6983c6cecf3182d756ca5b3911607452dd4ba2ad8ec86cf96.json │ ├── 8UBO9EV6.VIR.json │ ├── 8a5a3c2c9fddc6859607e7602fa6adf9.json │ ├── 8b0ef10a9cec34bf4c453ffb528a8784.json │ ├── 8b258e2b11d1ca9df3408669bfcaf7da.dl.json │ ├── 8b3d4e98e1fa34898a0c554f704681d6e52ef0e8.json │ ├── 8b411a72b8c71cf5b10707b1f66b2e5b.json │ ├── 8c86ecae063148e991c65b8302204b58445ba500.json │ ├── 8d6c15ae55c7fdf78feab1ec91b56005.json │ ├── 8df2014ce8db66dea8b96d6c47b5fa05.json │ ├── 8e5ad4879f7d3df0bab3212c6a3b8efcc6bd9a91.json │ ├── 8f3de5d6fb7431da6cb07f970e1b63e6b9b89927.json │ ├── 8fe560ec022e5dfb28574f2089f061c5f67a3e39.json │ ├── 90474af4f36991af46094b421ca91c5b610466bb.json │ ├── 922E60B0EF2B9DF4CB6E498E722C272F88ADDE4476E5DA072755BBA48FCAD16A.json │ ├── 92487030548b82ee3e17cdadfa612726.json │ ├── 92e9e28102a7d96e041bc43e38a33402.json │ ├── 93efeef545b1114de92c3fbb4bb907c6b72014a1.json │ ├── 94ac2b89ea562e388097b78f025d312d.json │ ├── 94f6b633e24f69d35328295cac7ea6e3.json │ ├── 95d7cdc9264f46a3f6f0c49206729c13ca4b16ac.json │ ├── 963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4.json │ ├── 9947374f5d2418e7765f456acba8c67ad542531b.json │ ├── 99c9959612e10befb4f2e0feb26f6a337e274996.json │ ├── 9a975db8ff64827a9d556ac3b4701cdd0266f60e.json │ ├── 9bd68555d4f0387daf7dd74da9d3ce4020c39b90.json │ ├── 9c26d6ab77d5f274462aa696c827f3d0.json │ ├── 9f0090ac0a5b6bb778f03367a8929fd5.json │ ├── AO1TD22G.VIR.json │ ├── B699JSCR.VIR.json │ ├── BB41531D83FD6D643EA02887971F2DD670D32A30584E837408911FC4306D81AB.json │ ├── BC898147D2861F9B409EF964763C594C058D8D864620012907B36C697E12C0F6.json │ ├── DMC0VW78.VIR.json │ ├── F01B71OS.VIR.json │ ├── FGI1YMXP.VIR.json │ ├── HIFY9UKU.VIR.json │ ├── JDU51ZTP.VIR.json │ ├── LH0L6Y6D.VIR.json │ ├── LKDTN2E0.VIR.json │ ├── PYUW19PE.VIR.json │ ├── a08dfc8d23790905e34fa857ddc33345794dc921.json │ ├── a1b0fa099b87aa9e453ea50781a99a27.json │ ├── a2055df7367ad0d603390c43bf2dfc6e82b02561.json │ ├── a23f5b057ccdafc593ff847573b5fe21.json │ ├── a2e91a03c1cebb3f0f1e1f1af95678be36913130.json │ ├── a4940dbb3dcf632a05bb75c09fb8c7e1e8a4dbfd.json │ ├── a516352edb38ce4dd6f8e27987191570e9c0f757.json │ ├── a5b1592a17003b7610917432c0061881f1000040.json │ ├── a846d6ebb925ced992fe3a6af467dc35.exe.json │ ├── a846d6ebb925ced992fe3a6af467dc35.json │ ├── a84b57a7c0ead4dadee1250ec01d9d873d26f0a2.json │ ├── aa79bb0436d9c238a46a711074d8cf0d.json │ ├── ab362a674b0c291f34ae59169a9d7f73.json │ ├── ab4374f9eda03ea2aff782ed215120c2.json │ ├── abc1eca564c2aa2a167590e50ab89e843b314cdf.json │ ├── ad2099fc9cd2a28734dbe14895831a79f66880fd.json │ ├── ae809271b92b55399a1586822e94081ab4aa4a87.json │ ├── af3f9bcdd43f233e407ac64693ada76c.json │ ├── afc65671f2e61e14b04a446fe293a96d.json │ ├── b056d1ba8203411f77f479e4ae071e71dd2d98da.json │ ├── b0b9048ac7cb6d553127b6b61602e1e8.json │ ├── b0f1a65f69a0d052bdaa891c0b87f03dd2c9e935.json │ ├── b215d76d4d7858394aa51459816384edc60ba42a.json │ ├── b5b37793d80818e0377b1fa61decca0c71f0666a.json │ ├── b64c0dbb3551f4eb6ea5df45eb5cfe5b.json │ ├── b71afe0c780db7bfb206ab6dd62def9fd5730a33.json │ ├── b810433140b5e375dfdd028e13df48e313dfde21.json │ ├── b85d4343e6658cc9f572c5470e04290f04030630.json │ ├── b89ce59f8e232aaa94281ec15a049426.json │ ├── b8e0615dedb839409ca6e74ae1cdce607873d2df.json │ ├── bb29531a91b1b43405e94417295c1fb3649f5748.json │ ├── bc7b2d743b1f44f21ef6e774dfd2c409d107d620.json │ ├── bc989976afb95181804f64799c9051c0c74863f8.json │ ├── bd2487ab36a965f67aaf94c0d4778316cf0e158a.bin.json │ ├── bf1cfc65b78f5222d35dc3bd2f0a87c9798bce5a48348649dd271ce395656341.json │ ├── c01b6dd244ea92970ad48a9449b9342f866b86de.json │ ├── c0429746d64994134a0fbfa7d2c8a02dbca289a5.json │ ├── c0b2967d8794e86f6e7fba6cd31a7ac4.json │ ├── c0f7ec4537283431d6370c609615cf38c1733411.json │ ├── c3ebd4c5b9fefbc44d8ca1b119be7fc5ebfa08cc.json │ ├── c44e9b86d331cea5ba22f53891f95800.json │ ├── c570daf08d4f57a933975ed33e5a5655.dl.json │ ├── c5d7902a1b5bb55cf98a15707e5d99b0404d866d.json │ ├── c606145bcf68b4bb27351752b2eb2520.bin.json │ ├── c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd.json │ ├── c73cba92512849e59770993e976f5a1ccf4d1fc4.json │ ├── c88463e48877bf5654961551067c0b132fcd1fde.json │ ├── ca0ebcbd481b686e8bea24fe2bf985b2876050a0.json │ ├── cbc45ffdd5b835a73c9fa26190468ca4c8b7e910.json │ ├── cbce8d0302654b0fa1489fcbe03678c96f7b5723.json │ ├── ce40bd06ba49e838f39555b776267a79fc8e02fa.json │ ├── ce6172e02b26e17ea26edc980e82f2b0.json │ ├── cebcc423d17fd518ded999e5eb866e4a6568cecc.json │ ├── cf9e5b5440c2c848cd7bceff2c3cf3d329865312.json │ ├── cfd89befa2a9555e04e617fa1658bddb.json │ ├── d1f6199b49ce2178ac2b85b18211e15a.json │ ├── d1fd3d5b01316be539ca3fa5d6822181.json │ ├── d334ba973a8e4102573c4a0a0aa4aa39bc9cc001.bin.json │ ├── d53291bed3794e82f5b0a069ee6e68b6.json │ ├── d6ea2746c9c7b3ea1c9d06654d597896.json │ ├── d7229cd45cde6689503ef3d04b1e8cd2f4e8045e.json │ ├── d8a23c2bcee7d0e519585d0c357226b8079a410b.json │ ├── d9af1a9a8fe4030fbecccd555438124ada2e87e6.json │ ├── da2c7067947d301579863720bdc8bbd6.json │ ├── de0a4bf235e340808b0c70ec6bb396bd021b2979.json │ ├── df79d80e596e721137dc20ef09812a780ffc902d.json │ ├── e0563862a6da49dba2afe4b2dfcadeb3.json │ ├── e15ec2b51c9f8a1b73cb11fd5ba65ffa.json │ ├── e186093282bf01d5d712c7f8304df8caf886122d.json │ ├── e35f598da80d726bd0bc7fcc28277ad2b2c31dce.json │ ├── e38412503dc68ac876b3cd282e2b242d87ea976b.json │ ├── e3a2426e3ec553c5a4ae69d6d7c518cd35f4ea6a.json │ ├── e497f452330ba894298b34f432f9518835a48309.json │ ├── e5255f2be5c1b97f94f2042695636808.json │ ├── e670c5d8e2ba7a81d1a4a13a74dc5ed4.htm.json │ ├── e7ccd27a69b28b6cb8a45c78983548339060c642.bin.json │ ├── e91452f836de1eecbd691db3d98bc7de.json │ ├── e9e7826dc7067a49b12935a97a915e89ab441e07.bin.json │ ├── ead6ac271eb6869e965eb611f2bb5126.json │ ├── eb0052caee9acaafabf7777f1dd8a31f.json │ ├── ebc903d0047fb78f52f763342ea1c3e164640c6d.json │ ├── ec93e2d6244192fc8f33374afc34a0de1aa3d2bc.json │ ├── ecc0e1a6fe67c2b790f82777fd798cae89ada595.json │ ├── eebcb0a221b651201654594af765b6ec.json │ ├── ef664dfbf8815f1b0498bf5cc4f4c57361cfa778.json │ ├── f043799830c03665ddaaa85bfc0b3d208647e20c.json │ ├── f0d8ab50d299d2d4a59457039cd822b2.json │ ├── f1691081b643921a6b71126a077d36e6.json │ ├── f2970e9cf91b6c3e3aa47ff060cd66e88751586f.json │ ├── f2a44e1ce247d2596abead236a9d0d10.json │ ├── f335cef1b7a86b617580bcaa284e4749.json │ ├── f36a82465bbc57ca246f0683bca4510e.json │ ├── f3de2a80018ae57e978be27137feac0c.json │ ├── f473a166dab2bebd904c421e30e354d512c3e743.json │ ├── f4daf07f9e6291a166bb8b55d60bff60c4c42a04.json │ ├── f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e.json │ ├── f6d239ee6b6f454eaab8eb4be0372f8367cb0560.json │ ├── fa0b1986a2367535cc4973064e789beab30a03cb.bin.json │ ├── fa2b1ccb6e1c011a00584bab55220a63279518f3.bin.json │ ├── fa71d38877c6f2138cb7b458f99d1ec74c874fc7.json │ ├── fad699a77e2482f0d2cb6207c901cd105e373832.json │ ├── fadfac70a8cb49fde2f0edf02b415f568eb1229c.json │ ├── fb5fb4156c676cf0e906fc61142cd80174e8aaff.json │ ├── fb72315203d8296c8a788657bda467194cc7dd39.json │ ├── fbd01b07df4aa9af8e92fb6d6720b040ebed6686.json │ ├── fbf2454bebf7d416a1b8cb4e61fb438e48ae9630.json │ ├── fc36d3a42b9034c58a1f48ec6548bcec989640dd.json │ ├── fc88f45bdcfd1d7682e6796083dfff0a0c01b0ba.json │ ├── fc934aa8379241d4a4c5abd700ead8c6b2500eee.bin.json │ ├── fcb03d6e013e122af445bfc4f3da50554b3f555b.json │ ├── fd12ce6384684c93750884d0180f36bfcdb669c0.json │ ├── fd860fe55dea0b5a41f31cb1990501d2591c97e7.bin.json │ ├── fd860fe55dea0b5a41f31cb1990501d2591c97e7.json │ ├── fe025678e6b79dbd215e9f0a27cfc7005a81d66a.json │ ├── fea522ecf342ca4aac2487f259d0c363a2ac6744.json │ ├── fefe7de97ea9a91b7bc753a696a77031.json │ ├── ffa92a7806098f8a56df796dbd9235f203ed781f.json │ ├── ffae2e3783e71c5ffa78950b8931be9c.json │ ├── ffea304037a6b333a82404d5bf76ac6c2341cebd.json │ ├── ffec8e103106bf52d2e05768dd349c3f1280b021.json │ ├── kido.exe.json │ ├── malware 2.exe.json │ ├── malware 3.exe.json │ ├── malware 4.exe.json │ ├── malware 5.exe.json │ ├── malware 6.exe.json │ ├── malware.exe.json │ ├── qp96qz5tvp36f1x20fl8vpfvm2w0apu1.exe.json │ ├── sali0001.pe_.json │ ├── sali0002.pe_.json │ ├── virussign.com_63e44f9e4c6e62045cb85d2d4915d118.exe.json │ ├── virussign.com_f167f4f474a8b8ece3671d97f11515c8.exe.json │ └── virussign.com_f8257f26a497a33b2b4483d7dc27c310.exe.json └── linux malware detect ├── README.md └── bashd /README.md: -------------------------------------------------------------------------------- 1 | # Code -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GeekOnlineCode/Code/d93c49c1a3a7d4d2b88f2bf91d642631543040db/graph theory&&Threat Intelligence/.DS_Store -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/013a4a892b6dd8e0f639c7aa97e5a13695a6faf5.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a6a2981b62f118e69e748b2171d3146d", "peid_signatures": null, "pe_filename": "013a4a892b6dd8e0f639c7aa97e5a13695a6faf5", "pe_timestamp": "2007-09-06 20:19:08", "virus_type": "013a4a892b6dd8e0f639c7aa97e5a13695a6faf5", "resource_attrs": {}, "section_attrs": {".dfg": 7.924089992038654}, "signature": [], "infos": {"sha1": "013a4a892b6dd8e0f639c7aa97e5a13695a6faf5", "name": "013a4a892b6dd8e0f639c7aa97e5a13695a6faf5", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "89692a3e2779ebea983da0cb6cabc2f20d759270ae8325659ce9397d96a60850", "crc32": "261F0C7C", "path": "./extract/013a4a892b6dd8e0f639c7aa97e5a13695a6faf5", "ssdeep": "1536:QUTXdRfpeHhlAeA19/MhsBeGaja69aSRqa5fmAVm:nTXrwGeA1+hQ3UUSUa5f", "size": 58368, "sha512": "fb965839bf54eaca0d8c8a426b4b7ddef8471d33c829d8457f17e6a5527042dd908be5b797bc64fce3896ddca374594f4f36ce15cea81c049fb77cdcc2c84a99", "md5": "e1afd4bdedd54f16dc9ab2b82ac10b4a"}, "versioninfo": {}, "ssdeep": "1536:QUTXdRfpeHhlAeA19/MhsBeGaja69aSRqa5fmAVm:nTXrwGeA1+hQ3UUSUa5f", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["_itoa"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegEnumValueA"], "WS2_32.dll": ["connect"], "USER32.dll": ["GetForegroundWindow"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0207bceaad84356e63bae0084a616dc3.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "e152b8232ffb8d7e035b517fccb79a12", "peid_signatures": null, "pe_filename": "0207bceaad84356e63bae0084a616dc3", "pe_timestamp": "2006-01-16 18:33:03", "virus_type": "0207bceaad84356e63bae0084a616dc3", "resource_attrs": {}, "section_attrs": {"UPX1": 7.872958212999826, ".1UPX1": 7.982215417138919, ".rsrc": 4.5224913711442625}, "signature": [], "infos": {"sha1": "f141dd85fbc54a5e93faf5a7235cc0d668956b7c", "name": "0207bceaad84356e63bae0084a616dc3", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "3b2f3f93d15872145373881818fda70d341bd5217e1e7fa66d494d85d8033bab", "crc32": "4859AD7C", "path": "./extract/0207bceaad84356e63bae0084a616dc3", "ssdeep": "3072:MaDWJBZmoC0f5cVgFPDBHZAfAAVJv8lgzIp6P5L+brVGySG:XLcFPDZ5AVV8CzIMUbrVGySG", "size": 194307, "sha512": "5441df43819edcdebf1709e0fd8cb2a31eee8f17f7518ab2258f5aa13c31dd6f569b0fd1f1a1646ceb579b002d04f261dd5b43bbdedbcad1d5ae0179cccd0a0c", "md5": "0207bceaad84356e63bae0084a616dc3"}, "versioninfo": {"InternalName": "WinZip 8.1", "FileVersion": "1.00", "CompanyName": "WinZip 8.1", "Comments": "WinZip", "ProductName": "WinZip", "ProductVersion": "1.00", "Translation": "0x0409 0x04b0", "OriginalFilename": "WinZip 8.1.exe"}, "ssdeep": "3072:MaDWJBZmoC0f5cVgFPDBHZAfAAVJv8lgzIp6P5L+brVGySG:XLcFPDZ5AVV8CzIMUbrVGySG", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/02a52d3f2d97f6052a5a0f5524e2f193657136f7.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "056c83ee122022cf0c2a7fd179c41458", "peid_signatures": null, "pe_filename": "02a52d3f2d97f6052a5a0f5524e2f193657136f7", "pe_timestamp": "2009-12-20 18:18:57", "virus_type": "02a52d3f2d97f6052a5a0f5524e2f193657136f7", "resource_attrs": {}, "section_attrs": {".text": 5.340256896468472, ".rsrc": 4.340191492251164}, "signature": [], "infos": {"sha1": "02a52d3f2d97f6052a5a0f5524e2f193657136f7", "name": "02a52d3f2d97f6052a5a0f5524e2f193657136f7", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "45342b9316c2f4fbe34b1c4e210b52d61baa41d408aadbdb16263df61eacbc72", "crc32": "F3618BD5", "path": "./extract/02a52d3f2d97f6052a5a0f5524e2f193657136f7", "ssdeep": "768:8IWnywIjbuY8C1jskr/v/m89S3rkC6R+wibw52Tzp6L:8wnuYnNskr3mbkC6R+Xp6L", "size": 53248, "sha512": "3d8eb3eb445c8d04755e5109674a5a99f23abd45fd6d3ddeffdbe28715d5dba1b76c4113a4ba630357e0ba4fb81693aee111bd1f20c22869ed5979528319a781", "md5": "c5247cb481fdb4ae689db5582275ad08"}, "versioninfo": {"InternalName": "PPwNkisE", "FileVersion": "6.70", "CompanyName": "PPwNkisE", "ProductName": "PPwNkisE", "ProductVersion": "6.70", "Translation": "0x0409 0x04b0", "OriginalFilename": "PPwNkisE.exe"}, "ssdeep": "768:8IWnywIjbuY8C1jskr/v/m89S3rkC6R+wibw52Tzp6L:8wnuYnNskr3mbkC6R+Xp6L", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0748e867bace63ab27228de6e4de82cca0256412.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "c52ed71fa72d79d8d1f275033d623f3a", "peid_signatures": null, "pe_filename": "0748e867bace63ab27228de6e4de82cca0256412.bin", "pe_timestamp": "1995-12-30 01:06:46", "virus_type": "0748e867bace63ab27228de6e4de82cca0256412", "resource_attrs": {}, "section_attrs": {".ldata": 7.996103531109057, ".text": 5.876870472954699, ".rsrc": 2.748265425016176}, "signature": [], "infos": {"sha1": "0748e867bace63ab27228de6e4de82cca0256412", "name": "0748e867bace63ab27228de6e4de82cca0256412.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "643b435e83828a303676d5b6a14b784453f603e1add74523d07dec28fad66513", "crc32": "22FEE7F9", "path": "./extract/0748e867bace63ab27228de6e4de82cca0256412.bin", "ssdeep": "3072:beYy5UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLkNV:Ry4oIDbByGPMsMPgsdWSEhlpB", "size": 216064, "sha512": "92f1a1f362ce45a8c38fc328bb23229343c812629d7fab47d688fb8c2dfcf5d9d0dbb990bbbc935690c90a4230ae091578f7682ad36df304a358031a7f741dc0", "md5": "4608ac8c74c8ebab00db1e9b0f4f6db0"}, "versioninfo": {"InternalName": "OSxRLZKQ", "FileVersion": "6.84", "ProductName": "OSxRLZKQ", "ProductVersion": "6.84", "Translation": "0x0409 0x04b0", "OriginalFilename": "OSxRLZKQ.exe"}, "ssdeep": "3072:beYy5UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLkNV:Ry4oIDbByGPMsMPgsdWSEhlpB", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0929c6ff1cadc87dcb8ea058928d38dd.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "6801789d7db148dcab782feacf28ecfc", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "0929c6ff1cadc87dcb8ea058928d38dd", "pe_timestamp": "2009-01-13 10:29:20", "virus_type": "0929c6ff1cadc87dcb8ea058928d38dd", "resource_attrs": {}, "section_attrs": {"UPX1": 7.838838521987941, ".rsrc": 4.550693210228229}, "signature": [], "infos": {"sha1": "3c37f3510bba5b5b1e3575182c261b8d97d71f07", "name": "0929c6ff1cadc87dcb8ea058928d38dd", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "8aed0489808685c44d6d5c80a33f214e1d600f9d4ec6c6ab8c2de3c4c9e3c7e9", "crc32": "4E46B6DB", "path": "./extract/0929c6ff1cadc87dcb8ea058928d38dd", "ssdeep": "6144:ld36DC8wyErzGjMVqRTQdvqfuY7wXNwVV6pqi73E:lhBfG8qRTwvqfuY7w8VHi", "size": 227840, "sha512": "902e49245674db9899be6bc3ccc3cf47df7b09e71790896a4cfd0cc4d0e5c8524a866c2f8264724a7f3e181b3f89ca61ec551210c9addd692264b514e21bc2da", "md5": "0929c6ff1cadc87dcb8ea058928d38dd"}, "versioninfo": {}, "ssdeep": "6144:ld36DC8wyErzGjMVqRTQdvqfuY7wXNwVV6pqi73E:lhBfG8qRTwvqfuY7w8VHi", "static_imports": {"count": 3, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "USER32.dll": ["EndPaint"], "GDI32.dll": ["TextOutW"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/09e2d024c83c8095b478214038a756c5.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "14b795096036281cdc90cffb1c21065e", "peid_signatures": null, "pe_filename": "09e2d024c83c8095b478214038a756c5", "pe_timestamp": "2010-05-01 01:46:40", "virus_type": "09e2d024c83c8095b478214038a756c5", "resource_attrs": {}, "section_attrs": {".data": 0.43320347513537405, ".rdata": 3.0668398174224354, ".text": 7.587703895769469, ".rsrc": 7.960701224755906}, "signature": [], "infos": {"sha1": "edbbf5e878225b67a5a17cb493cc2aced4dd9f33", "name": "09e2d024c83c8095b478214038a756c5", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "c9394efe1dfdce30a907bb50d46265a77865872b9d98cae87f90370f86aca8f3", "crc32": "4555AB4F", "path": "./extract/09e2d024c83c8095b478214038a756c5", "ssdeep": "3072:AxfOWHpq5wcT0QxWYZIpJj/uKrG1NK+Lu/Kq22l9A/wlv:Axw5VT0QxDIL2KrGt6Fp9gw5", "size": 107008, "sha512": "20de42ee021bc900aae8c8decb828f32cd56766a802e2017fc120ae67c472cad79463c1c53a3ce2688312816168cf3ad7adb945b302edd51e0bc562474c58a98", "md5": "09e2d024c83c8095b478214038a756c5"}, "versioninfo": {}, "ssdeep": "3072:AxfOWHpq5wcT0QxWYZIpJj/uKrG1NK+Lu/Kq22l9A/wlv:Axw5VT0QxDIL2KrGt6Fp9gw5", "static_imports": {"count": 1, "kernel32.dll": ["EnumDateFormatsA", "ExitProcess", "GetFileSize", "GetLastError", "GetModuleHandleA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0LVD7FUB.VIR.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "c52ed71fa72d79d8d1f275033d623f3a", "peid_signatures": null, "pe_filename": "0LVD7FUB.VIR", "pe_timestamp": "1995-12-30 01:06:46", "virus_type": "0LVD7FUB", "resource_attrs": {}, "section_attrs": {".ldata": 7.996103531109057, ".text": 5.876870472954699, ".rsrc": 2.748265425016176}, "signature": [], "infos": {"sha1": "0748e867bace63ab27228de6e4de82cca0256412", "name": "0LVD7FUB.VIR", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "643b435e83828a303676d5b6a14b784453f603e1add74523d07dec28fad66513", "crc32": "22FEE7F9", "path": "./extract/0LVD7FUB.VIR", "ssdeep": "3072:beYy5UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLkNV:Ry4oIDbByGPMsMPgsdWSEhlpB", "size": 216064, "sha512": "92f1a1f362ce45a8c38fc328bb23229343c812629d7fab47d688fb8c2dfcf5d9d0dbb990bbbc935690c90a4230ae091578f7682ad36df304a358031a7f741dc0", "md5": "4608ac8c74c8ebab00db1e9b0f4f6db0"}, "versioninfo": {"InternalName": "OSxRLZKQ", "FileVersion": "6.84", "ProductName": "OSxRLZKQ", "ProductVersion": "6.84", "Translation": "0x0409 0x04b0", "OriginalFilename": "OSxRLZKQ.exe"}, "ssdeep": "3072:beYy5UPb1WpXVxAaGBvbNvNbNJkvmhyPQbaDTUXGIDbwKDqCtrwdAxaVTtVHLkNV:Ry4oIDbByGPMsMPgsdWSEhlpB", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a023357abb3c183f8b69a821fede23ca33a87b6.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "PORTUGUESE", "PORTUGUESE_BRAZILIAN"], "pe_imphash": "87bed5a7cba00c7e1f4015f1bdae2183", "peid_signatures": ["yoda's Protector V1.03.3 -> Ashkbiz Danehkar"], "pe_filename": "0a023357abb3c183f8b69a821fede23ca33a87b6", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "0a023357abb3c183f8b69a821fede23ca33a87b6", "resource_attrs": {}, "section_attrs": {".yP": 7.948487992135945, ".x01": 7.980430477760476, ".rsrc": 4.550566580440874}, "signature": [], "infos": {"sha1": "0a023357abb3c183f8b69a821fede23ca33a87b6", "name": "0a023357abb3c183f8b69a821fede23ca33a87b6", "type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "e3603e06665beade5bafff462e10080dd2a2eeb0ac201557395b3f45c6e86684", "crc32": "006657A5", "path": "./extract/0a023357abb3c183f8b69a821fede23ca33a87b6", "ssdeep": "3072:Waj1M00hqqxmivnjLaJVEQxY3hy2PzcXjgn96TSz+8CblTqcv7Id4AglOvEW8AD:Z0jxmivnqJE8UkgnAWzPc8MgoOvz8", "size": 204800, "sha512": "e1fbc487ec591cd5a6c760f54ec8a122d9d7ef71953d2a1a61c7b791b52a4c615b24a116a147fa22680c35a7b5708e9b35ef18667e545ab0f6a3a7d2f9418bb6", "md5": "4561c2fd9c6fd2b4ed5afe2b3faef8fc"}, "versioninfo": {}, "ssdeep": "3072:Waj1M00hqqxmivnjLaJVEQxY3hy2PzcXjgn96TSz+8CblTqcv7Id4AglOvEW8AD:Z0jxmivnqJE8UkgnAWzPc8MgoOvz8", "static_imports": {"count": 1, "Kernel32.dll": ["LoadLibraryA", "GetProcAddress"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a228f6e08cdc9282985d6cc64c674f0.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "82bf60972af8dcae3a06893ac6561b87", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "0a228f6e08cdc9282985d6cc64c674f0", "pe_timestamp": "2008-08-28 03:32:42", "virus_type": "0a228f6e08cdc9282985d6cc64c674f0", "resource_attrs": {}, "section_attrs": {"UPX2": 3.3714670277490857, "UPX1": 7.917774217425456}, "signature": [], "infos": {"sha1": "0563ba9a27018d24eaadab7c89b5419d1b80f840", "name": "0a228f6e08cdc9282985d6cc64c674f0", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "e3ffad61e4bc58fd429a6f1cb501e8d5e6dc467d2ce81a03c65f3d60931a55b0", "crc32": "36C477C8", "path": "./extract/0a228f6e08cdc9282985d6cc64c674f0", "ssdeep": "1536:WmYqgjIksQMpE1fgRGcBZVxFvHg304el:WmYt/NMpucBb/v", "size": 51710, "sha512": "3efa20cb12ab2890d4e0c85f010587a2cdf52131eedeff9fa341246d99002e0bdf4423479afc8ce10127b7c0e5e432f07d01e2ddb7bb8f672a8d543260685d43", "md5": "0a228f6e08cdc9282985d6cc64c674f0"}, "versioninfo": {}, "ssdeep": "1536:WmYqgjIksQMpE1fgRGcBZVxFvHg304el:WmYt/NMpucBb/v", "static_imports": {"count": 6, "SHELL32.dll": ["SHFileOperationA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["malloc"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["ntohs"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a38173d9aa999a2f50907217b3235de5817624b.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "", "peid_signatures": null, "pe_filename": "0a38173d9aa999a2f50907217b3235de5817624b", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "0a38173d9aa999a2f50907217b3235de5817624b", "resource_attrs": {}, "section_attrs": {".data": 0.4055483537412537, ".rdata": 3.754975006848321, ".text": 6.641362710907072, ".rsrc": 5.3947171892190315}, "signature": [], "infos": {"sha1": "0a38173d9aa999a2f50907217b3235de5817624b", "name": "0a38173d9aa999a2f50907217b3235de5817624b", "type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "4c4855a3a502902608c2cd6fb5a4d95864c1c0b640487cfdc831081cbc82b7f0", "crc32": "BF3DFE04", "path": "./extract/0a38173d9aa999a2f50907217b3235de5817624b", "ssdeep": "768:X4eYOgtJ/lFoMyi8i2FjhEZVf9CwPqw2gA6zd3E3Zb:Xfhg5FOLVxhEPf9CwPq/Bd", "size": 25600, "sha512": "3a6694740c50859b970533c905148b914ae6017bf47b384fdeb11fc20e42277c05d7fbb576a86ddca7d1a5c9830c6218e076a89a31650b2e5e5c2cf1d79cc53c", "md5": "479fe568741cdd52258409f6050cb6d1"}, "versioninfo": {}, "ssdeep": "768:X4eYOgtJ/lFoMyi8i2FjhEZVf9CwPqw2gA6zd3E3Zb:Xfhg5FOLVxhEPf9CwPq/Bd", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a4a48efc9f0f030ae9cfc6cf048059cebd73d00.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "0a4a48efc9f0f030ae9cfc6cf048059cebd73d00", "pe_timestamp": "2015-03-07 04:31:45", "virus_type": "0a4a48efc9f0f030ae9cfc6cf048059cebd73d00", "resource_attrs": {}, "section_attrs": {".reloc": 0.10191042566270775, ".rsrc": 3.2840325337047123, ".text": 6.419320105075863, ".sdata": 1.9573165161531871}, "signature": [], "infos": {"sha1": "0a4a48efc9f0f030ae9cfc6cf048059cebd73d00", "name": "0a4a48efc9f0f030ae9cfc6cf048059cebd73d00", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "1f57c3c40a5a3d6442197f004738f30f0aecaed720c286fae22dca144a43fd1e", "crc32": "EF9D4103", "path": "./extract/0a4a48efc9f0f030ae9cfc6cf048059cebd73d00", "ssdeep": "3072:8x+QMgSXupDSbLiAfBb2V6cOG9GlmqHxRTIMsd73RTPpM:cTSeRSXZcOsgxRWdTR", "size": 154624, "sha512": "d196820a53e34a0a0acc24d5787e230f17afc20d1e6f648e82955f680de0c33b26bfaed0b524edd1762cd10f33ae2347f398e19719c7b2142387648d6609a956", "md5": "aa5cc4746e9c7032b7af15bcfcee47bd"}, "versioninfo": {"LegalCopyright": "Copyright \\xa9 2015", "Assembly Version": "1.0.0.0", "InternalName": "hoho.exe", "FileVersion": "1.0.0.0", "ProductName": "hoho", "ProductVersion": "1.0.0.0", "FileDescription": "hoho", "Translation": "0x0000 0x04b0", "OriginalFilename": "hoho.exe"}, "ssdeep": "3072:8x+QMgSXupDSbLiAfBb2V6cOG9GlmqHxRTIMsd73RTPpM:cTSeRSXZcOsgxRWdTR", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a52afb9da7cec92759ae1532aa543774acb899e.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "8e013ef7fbb3e3b3e5677ac9928758c9", "peid_signatures": null, "pe_filename": "0a52afb9da7cec92759ae1532aa543774acb899e", "pe_timestamp": "1970-05-27 10:02:49", "virus_type": "0a52afb9da7cec92759ae1532aa543774acb899e", "resource_attrs": {}, "section_attrs": {".nex": 6.731525980978317, ".data": 7.972964297649324, ".rdata": 7.950402219792502, ".text": 7.994376972710457, ".conf": 7.996031666258049}, "signature": [], "infos": {"sha1": "0a52afb9da7cec92759ae1532aa543774acb899e", "name": "0a52afb9da7cec92759ae1532aa543774acb899e", "type": "MS-DOS executable", "sha256": "1fb194761dc1a75d453342f2e7eac339e38f39d16c0e7c64e4e70032daa72fee", "crc32": "C539ADA6", "path": "./extract/0a52afb9da7cec92759ae1532aa543774acb899e", "ssdeep": "768:L0ETzDZKtnB8BQNWaVtin6IYUMsGLFGaAyN6S895o8adcsmvS:L0ETsWaVc4UGLIaAyNpM+eDS", "size": 47767, "sha512": "3f1370a23bed47c2b3fee39525de745956aa306cce7bb85847d7d8441363bc32d292e2102ba440ecdcb3793abe4b159c80b3aee635529f0a02dfd476cc16504f", "md5": "22976fc0ed93d7fa55d80edc1beac4b8"}, "versioninfo": {}, "ssdeep": "768:L0ETzDZKtnB8BQNWaVtin6IYUMsGLFGaAyN6S895o8adcsmvS:L0ETsWaVc4UGLIaAyNpM+eDS", "static_imports": {"count": 1, "KERNEL32.dll": ["EnterCriticalSection", "CompareStringA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a9626d40bbfbcf7af04d5e2081c5715d8863356.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "CHINESE", "CHINESE_SIMPLIFIED"], "pe_imphash": "7a7803027531302026dedc7b5f6025f2", "peid_signatures": null, "pe_filename": "0a9626d40bbfbcf7af04d5e2081c5715d8863356", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "0a9626d40bbfbcf7af04d5e2081c5715d8863356", "resource_attrs": {}, "section_attrs": {"CODE": 7.999699384409448, "DATA": 7.994409609696837, ".idata": 7.9859268528655125, ".rdata": 0.2108262677871819, ".rsrc": 4.594096132601862}, "signature": [], "infos": {"sha1": "0a9626d40bbfbcf7af04d5e2081c5715d8863356", "name": "0a9626d40bbfbcf7af04d5e2081c5715d8863356", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "dd30aa4ae1ac5b542b7e0ad9c473aed68ec6c1dab95316b6d2f2111bd059d598", "crc32": "96F68C94", "path": "./extract/0a9626d40bbfbcf7af04d5e2081c5715d8863356", "ssdeep": "12288:8ePLOheQJyNQMe8VWDL3j7kC1E/DqbG2B9p3JNITlXBwDb7g2ruVaMY2idMGnUHP:RB9NQMhVq3YC4qG2dLkXBw/7LrUBY2GX", "size": 705024, "sha512": "ceacd2b3cdbbeca701564885e1bd547cb4baf841fd1e4ced5d07f96c4718e6d49c8c3311b39504e9ff7a1de6345312dc092caa0123266b2e271a56eb83633d22", "md5": "27dbc7756566b8d5673706fe55d445cf"}, "versioninfo": {}, "ssdeep": "12288:8ePLOheQJyNQMe8VWDL3j7kC1E/DqbG2B9p3JNITlXBwDb7g2ruVaMY2idMGnUHP:RB9NQMhVq3YC4qG2dLkXBw/7LrUBY2GX", "static_imports": {"count": 1, "KERNEL32": ["GetProcAddress"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0a9c4e2b056ad33255091f0e081a2ea0b35da77b.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "dae02f32a21e03ce65412f6e56942daa", "peid_signatures": null, "pe_filename": "0a9c4e2b056ad33255091f0e081a2ea0b35da77b", "pe_timestamp": "2015-09-06 19:06:48", "virus_type": "0a9c4e2b056ad33255091f0e081a2ea0b35da77b", "resource_attrs": {}, "section_attrs": {".reloc": 0.08153941234324169, ".text": 7.262820509617218, ".rsrc": 3.8072135782815493}, "signature": [], "infos": {"sha1": "0a9c4e2b056ad33255091f0e081a2ea0b35da77b", "name": "0a9c4e2b056ad33255091f0e081a2ea0b35da77b", "type": "PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "1da1df6e986926c6ab8ab10084cd40c72d705ca107e8949a71fe275ce617f2c5", "crc32": "1998743C", "path": "./extract/0a9c4e2b056ad33255091f0e081a2ea0b35da77b", "ssdeep": "768:xEmIFQKIcwsuAPAg5kEzlMLnuByrUwdrrkSWHIhlUrF4dR:ehQ3vZg5k7LnMerr+FrF4dR", "size": 38400, "sha512": "8b070f867949898e282dc4436a5709a4161fe359eb66546ede81d6ae31432caf5633195d92c5347139f7021ac531f1e209ad321da00b15d04dc4e651039a51a0", "md5": "d7a189601cfd29f432a6bc71cfc95db2"}, "versioninfo": {"LegalCopyright": " ", "Assembly Version": "0.0.0.0", "InternalName": "Server.exe", "FileVersion": "0.0.0.0", "Comments": "RPX 1.3.4400.61", "ProductVersion": "0.0.0.0", "FileDescription": " ", "Translation": "0x0000 0x04b0", "OriginalFilename": "Server.exe"}, "ssdeep": "768:xEmIFQKIcwsuAPAg5kEzlMLnuByrUwdrrkSWHIhlUrF4dR:ehQ3vZg5k7LnMerr+FrF4dR", "static_imports": {"count": 1, "mscoree.dll": ["_CorDllMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/0d2c8ef5aec0f3668628d770ce073103160e8a22.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "0d2c8ef5aec0f3668628d770ce073103160e8a22", "pe_timestamp": "2015-09-13 10:55:54", "virus_type": "0d2c8ef5aec0f3668628d770ce073103160e8a22", "resource_attrs": {}, "section_attrs": {".text": 7.080606760442646}, "signature": [], "infos": {"sha1": "0d2c8ef5aec0f3668628d770ce073103160e8a22", "name": "0d2c8ef5aec0f3668628d770ce073103160e8a22", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "642e28779158f06a810c5f959016b6e07ac04fc795449be6a3013266240673f3", "crc32": "1961BB37", "path": "./extract/0d2c8ef5aec0f3668628d770ce073103160e8a22", "ssdeep": "24576:pWSJuCfodrv7iulULJcfA2JDSWBplY7qK4:pWSJ5foFv7igCQU+q", "size": 1708544, "sha512": "16509e620a786f3dd4250e362524348cc0cdd980553dc2622b4060ad763f31e3520c74b45dccd5a4312f101892ca71a5be0be18860e760d2ce2bb08b23b630d3", "md5": "d3f131cf67dd3b82efe3579332d144ab"}, "versioninfo": {}, "ssdeep": "24576:pWSJuCfodrv7iulULJcfA2JDSWBplY7qK4:pWSJ5foFv7igCQU+q", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/142cb62af31f7ddbc1bee38a097b08b9cea4ad30.json: -------------------------------------------------------------------------------- 1 | {"languages": ["UKRAINIAN", "DEFAULT", "ENGLISH", "ENGLISH_US"], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": ["PECompact 2.xx --> BitSum Technologies"], "pe_filename": "142cb62af31f7ddbc1bee38a097b08b9cea4ad30", "pe_timestamp": "2009-07-14 19:59:15", "virus_type": "142cb62af31f7ddbc1bee38a097b08b9cea4ad30", "resource_attrs": {}, "section_attrs": {".text": 7.999947788592784, ".rsrc": 5.516873624621173}, "signature": [], "infos": {"sha1": "142cb62af31f7ddbc1bee38a097b08b9cea4ad30", "name": "142cb62af31f7ddbc1bee38a097b08b9cea4ad30", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "d155471bf235d9a9952995e5d1b340cc20e037ac83d8c01cf0284b6dad92c6e4", "crc32": "10E2E193", "path": "./extract/142cb62af31f7ddbc1bee38a097b08b9cea4ad30", "ssdeep": "98304:qAkjVXL/1+7Fxnjbp9E9kOpLhRglDp9zMpetrENJf:upL8xnjVl3H9zMuENJf", "size": 3781120, "sha512": "ba1749007a368575c210e7ab17586642a73d73ebb7612d9542a92b3c706f40497e62fc9d1708839207354b4edbe4a7a83b09b4713d474c117b2038b58e8ac5e7", "md5": "a290d9a1578e19bc72bc5c54b48e293c"}, "versioninfo": {}, "ssdeep": "98304:qAkjVXL/1+7Fxnjbp9E9kOpLhRglDp9zMpetrENJf:upL8xnjVl3H9zMuENJf", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/172dd8674afb1582b8d1e09ccfb50fa0a86754a1.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "172dd8674afb1582b8d1e09ccfb50fa0a86754a1", "pe_timestamp": "2015-11-29 23:31:14", "virus_type": "172dd8674afb1582b8d1e09ccfb50fa0a86754a1", "resource_attrs": {}, "section_attrs": {".reloc": 0.016408464515625623, ".text": 7.879568473049373, ".rsrc": 0.7180148962196061}, "signature": [], "infos": {"sha1": "172dd8674afb1582b8d1e09ccfb50fa0a86754a1", "name": "172dd8674afb1582b8d1e09ccfb50fa0a86754a1", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "531489afa03f872173c21d4048f2b1d7c1a096a08b6c13eea97c8a2e1a492351", "crc32": "3C8BD35B", "path": "./extract/172dd8674afb1582b8d1e09ccfb50fa0a86754a1", "ssdeep": "6144:92U+eKXlSqHGU2lIvvTE/1IJF9tuT5KaqTqdhTRQyxS:WWOocI5hdhT9xS", "size": 296760, "sha512": "8a168cb992b61a94be564ed36281b222e42e2b5a47e3e2f986c43404e2243657e85bdfb13c91ba1a7583c900ca2f1a417157dd10587af97f810ed0131eaea9e0", "md5": "a6504fdb96bdbb1fffccc9f6718b39f6"}, "versioninfo": {"LegalCopyright": " ", "Assembly Version": "0.0.0.0", "InternalName": "scan img 291115.exe", "FileVersion": "0.0.0.0", "ProductVersion": "0.0.0.0", "FileDescription": " ", "Translation": "0x0000 0x04b0", "OriginalFilename": "scan img 291115.exe"}, "ssdeep": "6144:92U+eKXlSqHGU2lIvvTE/1IJF9tuT5KaqTqdhTRQyxS:WWOocI5hdhT9xS", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/18687e1c15af45b295599aa1e8963c2b479bb101.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "9dcb8336739169fc8a750beced8f5e63", "peid_signatures": null, "pe_filename": "18687e1c15af45b295599aa1e8963c2b479bb101", "pe_timestamp": "2010-07-28 14:05:31", "virus_type": "18687e1c15af45b295599aa1e8963c2b479bb101", "resource_attrs": {}, "section_attrs": {".text": 5.931345825915838, ".rsrc": 4.836120274929413}, "signature": [], "infos": {"sha1": "18687e1c15af45b295599aa1e8963c2b479bb101", "name": "18687e1c15af45b295599aa1e8963c2b479bb101", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "4dc7a321bef674971ea8b68191ac81cb7f5b9f0553f49d8dbe85538045acdebf", "crc32": "C3BCB70E", "path": "./extract/18687e1c15af45b295599aa1e8963c2b479bb101", "ssdeep": "3072:zxeEyArP483y4CpCfCGCCOCwC9CvCFCfCLCvCUCLC2FInROUSRSGSuSQSmSNS4Sn:FBrg83yGFInROLVP", "size": 175616, "sha512": "95eec841fab9c419448b806a9762f854e3500822b3d5d4811aeb91732df02ae957653f70bc4f00ffed47bec3afcf39b2fad7d678b567d77acf3a46860bf56b02", "md5": "953a38d55bf8eb9adc1374743549aa13"}, "versioninfo": {"InternalName": "QFdqUtuV", "FileVersion": "4.84", "ProductName": "QFdqUtuV", "ProductVersion": "4.84", "Translation": "0x0409 0x04b0", "OriginalFilename": "QFdqUtuV.exe"}, "ssdeep": "3072:zxeEyArP483y4CpCfCGCCOCwC9CvCFCfCLCvCUCLC2FInROUSRSGSuSQSmSNS4Sn:FBrg83yGFInROLVP", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/1887facce6b1c91c25624774d37502e3.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "2538e50b6afbbe63ef8e5003aa3a77fc", "peid_signatures": ["ASPack v2.12 -> Alexey Solodovnikov"], "pe_filename": "1887facce6b1c91c25624774d37502e3", "pe_timestamp": "2010-11-06 20:33:38", "virus_type": "1887facce6b1c91c25624774d37502e3", "resource_attrs": {}, "section_attrs": {"UPX1": 7.997162626581216, ".MUPX1": 7.995651223269353, ".aspack": 5.415638475420039, ".rsrc": 3.0100460518762424}, "signature": [], "infos": {"sha1": "6b423dc3035a8e95e1a44064c2e0261cb554b491", "name": "1887facce6b1c91c25624774d37502e3", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "a0533576d1a264cbfe65b3df57bc5e8b6fe626ff20dc5387f6d289f0e8b0a3e2", "crc32": "28593C8A", "path": "./extract/1887facce6b1c91c25624774d37502e3", "ssdeep": "3072:eCLncT/4CCJgEjVEKlBkFPZCbW223nFwlNhYsA+H3P3gdmG/eTuJQGFaIpkYY:RTkhxEj2KlBDb323nylHbp3PmHQ4vpk", "size": 178176, "sha512": "7481ca1ce63eeb26967763070ea9bcb690ab91660580b6efe7b807da029f85fe8304b24517072e2c7cef37b99fdb2efa63521fd5ce1719596516e8b5a2d38079", "md5": "1887facce6b1c91c25624774d37502e3"}, "versioninfo": {"InternalName": "server51", "FileVersion": "1.09.0009", "CompanyName": " ", "ProductName": "..", "ProductVersion": "1.09.0009", "Translation": "0x0409 0x04b0", "OriginalFilename": "server51.exe"}, "ssdeep": "3072:eCLncT/4CCJgEjVEKlBkFPZCbW223nFwlNhYsA+H3P3gdmG/eTuJQGFaIpkYY:RTkhxEj2KlBDb323nylHbp3PmHQ4vpk", "static_imports": {"count": 2, "kernel32.dll": ["GetProcAddress", "GetModuleHandleA", "LoadLibraryA"], "msvbvm60.dll": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/1971cbe79219396af83bf49acfef0ea367fc58d6.json: -------------------------------------------------------------------------------- 1 | {"languages": ["FRENCH"], "pe_imphash": "", "peid_signatures": null, "pe_filename": "1971cbe79219396af83bf49acfef0ea367fc58d6", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "1971cbe79219396af83bf49acfef0ea367fc58d6", "resource_attrs": {}, "section_attrs": {".rsrc": 5.415571241920512}, "signature": [], "infos": {"sha1": "1971cbe79219396af83bf49acfef0ea367fc58d6", "name": "1971cbe79219396af83bf49acfef0ea367fc58d6", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "51e205a195c0180e9fec666a99ab41cfff96bf6fabc43227b606d04a2b82ec5c", "crc32": "D1046445", "path": "./extract/1971cbe79219396af83bf49acfef0ea367fc58d6", "ssdeep": "24:yCNelGGfUFf2jUUlKitMkyEib6666wcoMFm5i5XgVN1VgpBun3h5EK6sWb2R0pit:IPsQj3KiHVUvANnge3r822p4p", "size": 2484, "sha512": "98472b7cf2edac87882cd9ca529f783a2f0ab24d89e929d5e0028716d4d57036fc9d543a52a082fe225ba5f406eee231cd55ddc7e330bfd827a8b71f4f346a7d", "md5": "91b8046b1b9fd095c12e091acb334be5"}, "versioninfo": {}, "ssdeep": "24:yCNelGGfUFf2jUUlKitMkyEib6666wcoMFm5i5XgVN1VgpBun3h5EK6sWb2R0pit:IPsQj3KiHVUvANnge3r822p4p", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/1975f52664eb4fd946f3a03e7dc6731a.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f5e3a89d0f3ed1b4e0156eaa149958ce", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "1975f52664eb4fd946f3a03e7dc6731a", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "1975f52664eb4fd946f3a03e7dc6731a", "resource_attrs": {}, "section_attrs": {".RUPX1": 7.993801745032655, "DexCrypt": 4.454802823200384, "UPX1": 7.760101617957418, ".rsrc": 5.57534998871275}, "signature": [], "infos": {"sha1": "7d5a039983f612845a0e1f28bfbd0a007a768e19", "name": "1975f52664eb4fd946f3a03e7dc6731a", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "4592056ccc7fb2be7a94e4610d9a3a3a5fbe374dfe605342cd48b15aa2609078", "crc32": "55CC7AAA", "path": "./extract/1975f52664eb4fd946f3a03e7dc6731a", "ssdeep": "6144:rpGq0AQZK0i9T84bmb84UA8GPR+Te/CxiCvlnbutmRbvRuRSQJjVqrpj:rpGVAmu/bmA4UArPcTeoiMlnhRDRgSQI", "size": 343118, "sha512": "75fbdb45e13189d9e6967a238a00947c7015156f72819463e9d4fcc06f2b32b972f3db133777f501e73fff5b6a8ea59f789740306322764c9dec884aae1a8b76", "md5": "1975f52664eb4fd946f3a03e7dc6731a"}, "versioninfo": {}, "ssdeep": "6144:rpGq0AQZK0i9T84bmb84UA8GPR+Te/CxiCvlnbutmRbvRuRSQJjVqrpj:rpGVAmu/bmA4UArPcTeoiMlnhRDRgSQI", "static_imports": {"count": 9, "crypt32.dll": ["CryptUnprotectData"], "pstorec.dll": ["PStoreCreateInstance"], "shell32.dll": ["SHGetSpecialFolderPathA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "rasapi32.dll": ["RasEnumEntriesA"], "oleaut32.dll": ["SysFreeString"], "advapi32.dll": ["LsaClose"], "ole32.dll": ["OleInitialize"], "user32.dll": ["ToAscii"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "f433e7fcc51e68080022754836705744", "peid_signatures": ["EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)"], "pe_filename": "1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89", "pe_timestamp": "2007-09-06 20:19:08", "virus_type": "1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89", "resource_attrs": {}, "section_attrs": {"f1dfid6q": 7.535554635096208, "802izwe5": 7.990877820495184}, "signature": [], "infos": {"sha1": "1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89", "name": "1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "1ce2280aaecd9162591e248ae8e940fc81171b003aca7b285d44cba4bdd2477e", "crc32": "914B1A02", "path": "./extract/1bc61a730f459dd3607e9dc58cae8d1e7cb4ee89", "ssdeep": "1536:5bn0lL6vUGhbgrZssvy9TZVFlRdmPpY7VmOLj51xP77brQ6mugI/7t8l/kNcZ8gH:i/xJKlrFxHr0/IB8+Nm8gl82", "size": 103424, "sha512": "7e76e2685621a60eb341e8bf14952f635d708be693b8622d3834acaf8d4f887befff4f2d1990a2668925426bd4561e323f3a638f191c5a6e6512c7b1f0258b5f", "md5": "2a731f659f9a719b653d15c5a4005345"}, "versioninfo": {}, "ssdeep": "1536:5bn0lL6vUGhbgrZssvy9TZVFlRdmPpY7VmOLj51xP77brQ6mugI/7t8l/kNcZ8gH:i/xJKlrFxHr0/IB8+Nm8gl82", "static_imports": {"count": 2, "kernel32.dll": ["GetModuleHandleA", "LoadLibraryA", "GetProcAddress", "ExitProcess", "VirtualAlloc", "VirtualFree"], "user32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/222bd94810e8c81e7c3edbb3e41d7bc8.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "3243b13e562279ab7fbe2f31e45d3a95", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "222bd94810e8c81e7c3edbb3e41d7bc8", "pe_timestamp": "2011-02-24 22:40:00", "virus_type": "222bd94810e8c81e7c3edbb3e41d7bc8", "resource_attrs": {}, "section_attrs": {"UPX1": 7.800211816440238, ".rsrc": 6.862025600583304}, "signature": [], "infos": {"sha1": "491cc7651dbbd8dabd48786d4b7d4821113e68a9", "name": "222bd94810e8c81e7c3edbb3e41d7bc8", "type": "PE32 executable (GUI) Intel 80386 system file, for MS Windows, UPX compressed", "sha256": "108e4408bd0b4ba51fbe618d74b07153c62ec5d76b3fd8832092ba3bb037c224", "crc32": "AC6B42CC", "path": "./extract/222bd94810e8c81e7c3edbb3e41d7bc8", "ssdeep": "6144:T5rCaQV13EH4oSYk0f+8bV7oktJE/7TNovL9Z:lQV1qJk0f/9oMmGvLf", "size": 315130, "sha512": "1d18eac60073c58971b09259d1cffa06e66ffbde9bc9358d203fa907c467f4934c02884c1a0683d7a0a01302649ea89f6843cf3ba45bacb5f212886ad33a3cb1", "md5": "222bd94810e8c81e7c3edbb3e41d7bc8"}, "versioninfo": {"LegalCopyright": "wZnxggSFhDP", "InternalName": "5151", "FileVersion": "1.00", "CompanyName": "eYqnK", "Comments": "EKGSVkF", "ProductName": "tsxibiMaZ", "ProductVersion": "1.00", "FileDescription": "LdOSt", "Translation": "0x0409 0x04b0", "OriginalFilename": "5151.exe"}, "ssdeep": "6144:T5rCaQV13EH4oSYk0f+8bV7oktJE/7TNovL9Z:lQV1qJk0f/9oMmGvLf", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/27414b673636d1b34052a055bf1fa6930a604a95.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "CHINESE", "CHINESE_SIMPLIFIED"], "pe_imphash": "f2f8333e70ce230df54342a3378d6806", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "27414b673636d1b34052a055bf1fa6930a604a95", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "27414b673636d1b34052a055bf1fa6930a604a95", "resource_attrs": {}, "section_attrs": {"5Avip": 7.730731684027493}, "signature": [], "infos": {"sha1": "27414b673636d1b34052a055bf1fa6930a604a95", "name": "27414b673636d1b34052a055bf1fa6930a604a95", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "150cae7e502501c4a7a0a5f7877bf43f19513dffb51968eed4ef71961e5da81c", "crc32": "9700FE02", "path": "./extract/27414b673636d1b34052a055bf1fa6930a604a95", "ssdeep": "12288:uykKKw2Bf+EV6RAXpb9nNaqub+tr76/n1Ef3sW2G9zNqEl2CYB76d6b7MP+Dd2Sy:uv7f+EVgAZbVNPuH/1msl25nl2PB7L7+", "size": 728576, "sha512": "8a9004d0a3632600c3748bcc342fc176a0282ffc109f08c3389bb33fb77651b8915d95031b139920ddfb350f12ef0a947f664623c46a1befa7a4c8ec09589339", "md5": "465b3335e44592d9d3708132ae3ad01c"}, "versioninfo": {}, "ssdeep": "12288:uykKKw2Bf+EV6RAXpb9nNaqub+tr76/n1Ef3sW2G9zNqEl2CYB76d6b7MP+Dd2Sy:uv7f+EVgAZbVNPuH/1msl25nl2PB7L7+", "static_imports": {"count": 18, "comdlg32.dll": ["GetSaveFileNameA"], "wsock32.dll": ["WSACleanup"], "version.dll": ["VerQueryValueA"], "gdi32.dll": ["UnrealizeObject"], "shell32.dll": ["SHGetSpecialFolderLocation"], "kernel32.dll": ["RaiseException"], "oleaut32.dll": ["VariantChangeTypeEx"], "advapi32.dll": ["RegSetValueExA"], "ole32.dll": ["CreateStreamOnHGlobal"], "user32.dll": ["CreateWindowExA"], "comctl32.dll": ["ImageList_SetIconSize"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/277a41e541577a7766d894ba00e9f922ed4f979c.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "0c170d7ecc03933e495c0870e9c69102", "peid_signatures": null, "pe_filename": "277a41e541577a7766d894ba00e9f922ed4f979c", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "277a41e541577a7766d894ba00e9f922ed4f979c", "resource_attrs": {}, "section_attrs": {"CODE": 6.424835671687575, ".rsrc": 6.076119972603912, ".idata": 3.398636217887194, ".rdata": 0.2044881574398449, ".reloc": 6.05342196864866, "DATA": 3.4919964255097424}, "signature": [], "infos": {"sha1": "277a41e541577a7766d894ba00e9f922ed4f979c", "name": "277a41e541577a7766d894ba00e9f922ed4f979c", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "92accb83da03a2dd56f6243e8b10de1e465b891c48aa3ca195c70b176c129b1d", "crc32": "2E1FA082", "path": "./extract/277a41e541577a7766d894ba00e9f922ed4f979c", "ssdeep": "3072:q4CETi9VaySm0+Cg81a5nbZcCK8Q4BCnRFdfPeO:qLEb+0Jgqsnbq8Q/nRFxp", "size": 122880, "sha512": "e18502fc6b52db081e6c7c09a83532a0f45e0d430ca6727f2299b48f7cf0c7049e0e4f41e4f44f107c43dee44ed789f8405daa92e59b1d6e62907721fff13ca0", "md5": "92afce6aa90c8d3ba03b3c67d7688a2e"}, "versioninfo": {}, "ssdeep": "3072:q4CETi9VaySm0+Cg81a5nbZcCK8Q4BCnRFdfPeO:qLEb+0Jgqsnbq8Q/nRFxp", "static_imports": {"count": 7, "winmm.dll": ["timeGetTime"], "kernel32.dll": ["Sleep", "LoadLibraryExA"], "oleaut32.dll": ["SysFreeString", "SysReAllocStringLen", "SysAllocStringLen"], "advapi32.dll": ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"], "user32.dll": ["GetKeyboardType", "MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/279ddd1f8a5009ef2c081043f4931c3d44724c66.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "279ddd1f8a5009ef2c081043f4931c3d44724c66", "pe_timestamp": "2006-10-17 02:12:26", "virus_type": "279ddd1f8a5009ef2c081043f4931c3d44724c66", "resource_attrs": {}, "section_attrs": {"UPX2": 3.8141157557163465, "UPX1": 7.667813122293247}, "signature": [], "infos": {"sha1": "279ddd1f8a5009ef2c081043f4931c3d44724c66", "name": "279ddd1f8a5009ef2c081043f4931c3d44724c66", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "399e9b2a07970eb6e5f004f18abcbef81a826a5d4f98bba6391d8cdc5cf4fce7", "crc32": "9CB1BA8F", "path": "./extract/279ddd1f8a5009ef2c081043f4931c3d44724c66", "ssdeep": "48:nYTu9j5Z+iLaUu4RcCh/sXACeax2XEau0qdo+H7:YTYj5Z+NUuU/sgaeEb0qqy7", "size": 2657, "sha512": "403834507aa7fc949816d4cf62b4d43b735284f1db24c446a3e8f35919497a51c5bb07fc214a41203818c5f48bcdea6f66b21743f58481c4d967230e1469b07b", "md5": "a4707b28793e9d6aedd68b8af7309d74"}, "versioninfo": {}, "ssdeep": "48:nYTu9j5Z+iLaUu4RcCh/sXACeax2XEau0qdo+H7:YTYj5Z+NUuU/sgaeEb0qqy7", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/2a0291a0d7627cff879fbdcb5953bd64.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "82bf60972af8dcae3a06893ac6561b87", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "2a0291a0d7627cff879fbdcb5953bd64", "pe_timestamp": "2008-10-23 20:43:21", "virus_type": "2a0291a0d7627cff879fbdcb5953bd64", "resource_attrs": {}, "section_attrs": {"UPX2": 3.259446649325535, "UPX1": 7.905594705249229}, "signature": [], "infos": {"sha1": "fbc7fb1d62373fe7bc0408550f63f0a8f032e80b", "name": "2a0291a0d7627cff879fbdcb5953bd64", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "16cd4e7e7b1cc77dafd87a2ecd9e414ef5edc6cd5ad153ec21ee35d22eafa7e4", "crc32": "E11A4C28", "path": "./extract/2a0291a0d7627cff879fbdcb5953bd64", "ssdeep": "1536:fJDPyu3HxxeWBKHYeoe6nwT4QvwQ8MmiZISCvJDPyu3HxxeWBKHYeoe6nwT4Qvwj:hDneW/y6ne4QX8KSDneW/y6ne4QX8K", "size": 200704, "sha512": "069c0c7de800d9972f118877122ba8d940bc50220024ad45ebac60a51cb6092069dc94a3912eda4a80ced14aa703845b10ed090c8845c77738a4f68675eced89", "md5": "2a0291a0d7627cff879fbdcb5953bd64"}, "versioninfo": {}, "ssdeep": "1536:fJDPyu3HxxeWBKHYeoe6nwT4QvwQ8MmiZISCvJDPyu3HxxeWBKHYeoe6nwT4Qvwj:hDneW/y6ne4QX8KSDneW/y6ne4QX8K", "static_imports": {"count": 6, "SHELL32.dll": ["SHFileOperationA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["malloc"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["ntohs"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/2e2b1a83b7a1775b42df8581b253acbe.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f5e3a89d0f3ed1b4e0156eaa149958ce", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "2e2b1a83b7a1775b42df8581b253acbe", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "2e2b1a83b7a1775b42df8581b253acbe", "resource_attrs": {}, "section_attrs": {".RUPX1": 7.992782078260725, "DexCrypt": 4.42146948986705, "UPX1": 7.759044418210054, ".rsrc": 5.573236746107811}, "signature": [], "infos": {"sha1": "d7174dcb466a4951a060cc7e3260c38532533784", "name": "2e2b1a83b7a1775b42df8581b253acbe", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "d41075450ecb8be11306d2c459ee0490cb3f1f815dc1562008a39b9c98580b26", "crc32": "AFEB3FFE", "path": "./extract/2e2b1a83b7a1775b42df8581b253acbe", "ssdeep": "6144:v89dq4B01m/QxoXg+f5Czp176H21gQ6KHQbS5adYemeE/8epmy6idU7Oaa:4emIO/5y7uHhFbHrLE/8kmy6eU7Oaa", "size": 343118, "sha512": "07b7d50935922c18964498d7ae737c6996215190508cff4b893c3dd8b291834ffe879998f1ddc801dd55e9934259afe01b010dc9d8356665fd6521ef8b051a75", "md5": "2e2b1a83b7a1775b42df8581b253acbe"}, "versioninfo": {}, "ssdeep": "6144:v89dq4B01m/QxoXg+f5Czp176H21gQ6KHQbS5adYemeE/8epmy6idU7Oaa:4emIO/5y7uHhFbHrLE/8kmy6eU7Oaa", "static_imports": {"count": 9, "crypt32.dll": ["CryptUnprotectData"], "pstorec.dll": ["PStoreCreateInstance"], "shell32.dll": ["SHGetSpecialFolderPathA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "rasapi32.dll": ["RasEnumEntriesA"], "oleaut32.dll": ["SysFreeString"], "advapi32.dll": ["LsaClose"], "ole32.dll": ["OleInitialize"], "user32.dll": ["ToAscii"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/2ecf1a3b97d9c869f6afce39d7821cc879368236.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "cc880652726afd2f3a057fff96e83c4e", "peid_signatures": null, "pe_filename": "2ecf1a3b97d9c869f6afce39d7821cc879368236", "pe_timestamp": "2011-06-01 20:16:12", "virus_type": "2ecf1a3b97d9c869f6afce39d7821cc879368236", "resource_attrs": {}, "section_attrs": {".aspack": 5.0954538920316566, ".data": 7.733016994118381, ".scpack": 4.2903505810797204, ".text": 0.9840402033869247, ".rsrc": 0.45570690680470566}, "signature": [], "infos": {"sha1": "2ecf1a3b97d9c869f6afce39d7821cc879368236", "name": "2ecf1a3b97d9c869f6afce39d7821cc879368236", "type": "MS-DOS executable", "sha256": "4f73bcc4b0021cf81475f1cb0e6d556944b284508ae6dee79ac990c6a8286b77", "crc32": "87049A8A", "path": "./extract/2ecf1a3b97d9c869f6afce39d7821cc879368236", "ssdeep": "12288:o36U+ZDHVzYKj86s5kdygmCbn2WJbFnljl+E6nsWr+dyI4eC9:vpYOSibNnfWidybeC", "size": 1048576, "sha512": "6dc9ecdfd34770605e163af1b7e4f121827b6a258fa67e3976fc1bab6d812eee4ba2c5a5610f2127bc7784aa1dbe8737d99158df512dce98c3461ecb1d114143", "md5": "5eda2e5c98e67b789fedcbccd3aa2d84"}, "versioninfo": {"LegalCopyright": "ofsDmlZKmI", "InternalName": "4", "FileVersion": "1.00", "CompanyName": "YbqLMVgbETnG", "Comments": "UJpyzx", "ProductName": "hZJrtNqvJToBpc", "ProductVersion": "1.00", "FileDescription": "jQiTYymkewtPmKP", "Translation": "0x0409 0x04b0", "OriginalFilename": "4.exe"}, "ssdeep": "12288:o36U+ZDHVzYKj86s5kdygmCbn2WJbFnljl+E6nsWr+dyI4eC9:vpYOSibNnfWidybeC", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "msvbvm60.dll": ["_CIcos"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/2ef79ba9cd870e225ebd70725eb35a661dcb5b69.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "1c372311534116eeffdf56f3f6c69c5c", "peid_signatures": ["nPack 1.1.300.2006 Beta -> NEOx"], "pe_filename": "2ef79ba9cd870e225ebd70725eb35a661dcb5b69", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "2ef79ba9cd870e225ebd70725eb35a661dcb5b69", "resource_attrs": {}, "section_attrs": {".nPack": 1.1202855286877567, ".data": 7.868071684268293, ".sxdata": 0.3420196603346658, ".rdata": 7.675778629618471, ".text": 7.913946993033521}, "signature": [], "infos": {"sha1": "2ef79ba9cd870e225ebd70725eb35a661dcb5b69", "name": "2ef79ba9cd870e225ebd70725eb35a661dcb5b69", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "fdf1741fedd2fd2f25daba5dda60f172b8a709ce051a968b9560d2976aafcdb0", "crc32": "B53D9B9C", "path": "./extract/2ef79ba9cd870e225ebd70725eb35a661dcb5b69", "ssdeep": "1536:fVoxcuHJwjeoh/nx8HUtcdslu2uaOorhDm/mHohbDtb:fqxcCwj9NyEblurtorhDmeHebDF", "size": 94950, "sha512": "84c323398f937d3d92f09c26f2c05b6aaeae4388cb53bb9d43b4901b3b0809be885acfbcb4a0828f48c523849c28c17ac82d51f46eec8ec983006d6abb07ccc9", "md5": "e7f93705d854fbf55047d518f0eef248"}, "versioninfo": {}, "ssdeep": "1536:fVoxcuHJwjeoh/nx8HUtcdslu2uaOorhDm/mHohbDtb:fqxcCwj9NyEblurtorhDmeHebDF", "static_imports": {"count": 2, "KERNEL32.dll": ["LoadLibraryA", "ExitProcess", "GetProcAddress"], "USER32.dll": ["wsprintfA", "MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/30c417437b2f7f26b8293079ef1cf0d7918e4983.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "925d520f5293e67288768f2e5b5319f5", "peid_signatures": null, "pe_filename": "30c417437b2f7f26b8293079ef1cf0d7918e4983", "pe_timestamp": "2055-05-26 02:10:40", "virus_type": "30c417437b2f7f26b8293079ef1cf0d7918e4983", "resource_attrs": {}, "section_attrs": {".wde": 7.972565598081689}, "signature": [], "infos": {"sha1": "30c417437b2f7f26b8293079ef1cf0d7918e4983", "name": "30c417437b2f7f26b8293079ef1cf0d7918e4983", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "9ec3c6740b568519dc83080f6913dd90e300ccdaa6f451235741db00f590566a", "crc32": "0E58106C", "path": "./extract/30c417437b2f7f26b8293079ef1cf0d7918e4983", "ssdeep": "768:VRVPWBTPrXyJUmhsDLhexxsIsSjfRE2SsYi/XQE5Y8no7u3QEngUXkbzAkvqF:HVPWBLriJzs5eLsSLREX7i55Y2o7EgUF", "size": 46080, "sha512": "94e058978fcc2851e89394d36ccd17ff919ade4e595ff99e28654e9890956eeba6756a5d96371a7745bad57401746e4cc78a9c73c1addc74b2f9671f9dd587f2", "md5": "5d7df3f8bd95bb60604a9410a7d2f09c"}, "versioninfo": {}, "ssdeep": "768:VRVPWBTPrXyJUmhsDLhexxsIsSjfRE2SsYi/XQE5Y8no7u3QEngUXkbzAkvqF:HVPWBLriJzs5eLsSLREX7i55Y2o7EgUF", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["ceil"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["connect"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/332f126ecd8c35c1d2811870987dba1f925d0adb.json: -------------------------------------------------------------------------------- 1 | {"languages": ["RUSSIAN", "ENGLISH", "ENGLISH_US"], "pe_imphash": "", "peid_signatures": ["FSG v2.0 -> bart/xt"], "pe_filename": "332f126ecd8c35c1d2811870987dba1f925d0adb", "pe_timestamp": "1987-09-11 10:35:02", "virus_type": "332f126ecd8c35c1d2811870987dba1f925d0adb", "resource_attrs": {}, "section_attrs": {}, "signature": [], "infos": {"sha1": "332f126ecd8c35c1d2811870987dba1f925d0adb", "name": "332f126ecd8c35c1d2811870987dba1f925d0adb", "type": "MS-DOS executable", "sha256": "d81ed107fd1d0771ca3cac8e3f9f9d3bb3878c916ca970475b482556256e6ed7", "crc32": "79678E04", "path": "./extract/332f126ecd8c35c1d2811870987dba1f925d0adb", "ssdeep": "768:0/v0EyBF5JREFRqlz3ouMmB52ci8ZZtW1iJUbTZ9xdef:0/sz8Rqlz3MmCR6ZtW1iCZ9xdI", "size": 43538, "sha512": "9158dc4b8f1c55a2d7ca9baf58bacffc41091070f6001ffb4e6a0134a095fdaf5c5472b9efa7f27bb4af9847ace51fe6a939bb3945d71045ae651dca18acf33c", "md5": "d3b3db75abb62f70c3f81a43ec0d9ad6"}, "versioninfo": {"LegalCopyright": "(c) Microsoft Corparation. All rights reserved.", "InternalName": "sdfghjgewaertyutrew.exe", "FileVersion": "6.7.4.1", "SpecialBuild": "4.5.7.2", "CompanyName": "Microsoft Corparation", "Comments": "Windows service. Do not stop this service.", "ProductName": "sdfghjgewaertyutrew", "ProductVersion": "4.5.7.2", "FileDescription": "Windows system servise", "Translation": "0x0419 0x04e3", "OriginalFilename": "sdfghjgewaertyutrew.exe"}, "ssdeep": "768:0/v0EyBF5JREFRqlz3ouMmB52ci8ZZtW1iJUbTZ9xdef:0/sz8Rqlz3MmCR6ZtW1iCZ9xdI", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/33e7f0ae0cab615738b13324f1313211.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "e2be4f6f05d0c31935bc07968650d9a2", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "33e7f0ae0cab615738b13324f1313211", "pe_timestamp": "2011-05-09 14:22:13", "virus_type": "33e7f0ae0cab615738b13324f1313211", "resource_attrs": {}, "section_attrs": {".data1": 1.5576365522745095, ".brdata": 7.904387657574341, ".rsrc": 7.527283819266337, ".rdata": 2.5652815652382057, ".data": 5.467472608442209, ".text": 6.100985305796581}, "signature": [], "infos": {"sha1": "f52e49912bc344c3fd0180d0f7a0e0a54d4db9db", "name": "33e7f0ae0cab615738b13324f1313211", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "b7df7ab0a606cbb922e1f57f2e173fd76af1e4f49677df160a22445418d03d71", "crc32": "1E3FF958", "path": "./extract/33e7f0ae0cab615738b13324f1313211", "ssdeep": "12288:uNaOKJ8/oiaz9sOAhuQBQcpYaS8f7gduOntxVEEC:RKAephdZz1+uyjuX", "size": 501892, "sha512": "c8a8e04b299d17a6a6d4980e1a145eef798c916d20d2e6390d10a5fbdcdd78755998126f856fe021f8ad06ee6b1e49500bbb01ac08d843c719061cfaa740066b", "md5": "33e7f0ae0cab615738b13324f1313211"}, "versioninfo": {}, "ssdeep": "12288:uNaOKJ8/oiaz9sOAhuQBQcpYaS8f7gduOntxVEEC:RKAephdZz1+uyjuX", "static_imports": {"count": 1, "KERNEL32.dll": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next", "HeapAlloc", "HeapFree", "GetModuleHandleA", "GetStartupInfoA", "GetCommandLineA", "ExitProcess", "GetProcessHeap", "RtlUnwind", "VirtualQuery", "TerminateProcess", "GetCurrentProcess", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "IsDebuggerPresent"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/3458198d4871cbd3fb25129cea566f2331e7438e.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "1cb2c516220ba1f0830c24f54a392edc", "peid_signatures": null, "pe_filename": "3458198d4871cbd3fb25129cea566f2331e7438e", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "3458198d4871cbd3fb25129cea566f2331e7438e", "resource_attrs": {}, "section_attrs": {".data": 2.5948258975354093, ".idata": 3.942668514488473, ".text": 5.719208529168399}, "signature": [], "infos": {"sha1": "3458198d4871cbd3fb25129cea566f2331e7438e", "name": "3458198d4871cbd3fb25129cea566f2331e7438e", "type": "PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "9f522b45e652b585d4367ac70095e59a675c112ecf41809e30f9273415258536", "crc32": "D5D4DAF1", "path": "./extract/3458198d4871cbd3fb25129cea566f2331e7438e", "ssdeep": "768:51/ojMaTDZgsvoaqCnGTr8yaOnYmgYBT5h3ldHpECHWCxDLI/bVFlVS393sHisfZ:5NqMaTDGSmTJBxdOMWCJwmmvEM", "size": 121623, "sha512": "38ce90f63ecdc6b959d01653d6444bb6138969fc578b5b1275be792486976df4399e4e32abffe45987bae767903b2f4b8ecb510775d3104bdedd56bc9857320f", "md5": "12912f958e9332730a0e242c4710fbfb"}, "versioninfo": {}, "ssdeep": "768:51/ojMaTDZgsvoaqCnGTr8yaOnYmgYBT5h3ldHpECHWCxDLI/bVFlVS393sHisfZ:5NqMaTDGSmTJBxdOMWCJwmmvEM", "static_imports": {"count": 4, "kernel32.dll": ["ExitProcess"], "oleaut32.dll": ["SysAllocStringLen", "SysFreeString"], "user32.dll": ["CharUpperBuffW", "CharLowerBuffW", "MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/34935f6a08799896355fd0a80231b25dad59db41.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "CHINESE", "CHINESE_SIMPLIFIED"], "pe_imphash": "b1f074034a35b9e66849556e1be1b950", "peid_signatures": null, "pe_filename": "34935f6a08799896355fd0a80231b25dad59db41", "pe_timestamp": "2007-01-05 02:07:29", "virus_type": "34935f6a08799896355fd0a80231b25dad59db41", "resource_attrs": {}, "section_attrs": {".text": 5.493441013352841, ".rsrc": 4.768337269917881}, "signature": [], "infos": {"sha1": "34935f6a08799896355fd0a80231b25dad59db41", "name": "34935f6a08799896355fd0a80231b25dad59db41", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "41063f9dd755f67da77b8a75895f188e820a64e0e787d5751003dc0c944d0acf", "crc32": "E7FD6DFC", "path": "./extract/34935f6a08799896355fd0a80231b25dad59db41", "ssdeep": "6144:f6SYKHuMborPtOlw9Nlw9d9TiEEN0wJCKCIp0dOGWxqJfm:T60d92FMdv", "size": 471040, "sha512": "4230d038ffb0df8a40953407a610288c86c178b600b784d3acbfc200d835e230bf6da2c73adf32f7f0db689dcce47da1937e10d9c3b99287681f36f258fb1f1c", "md5": "3d8ed5f9f08bd33a1b27d513c6b978bb"}, "versioninfo": {"InternalName": "MovieService", "FileVersion": "1.05", "CompanyName": "\\u7f51\\u5427\\u7535\\u5f71\\u7ba1\\u7406\\u8005", "ProductName": "\\u670d\\u52a1\\u7a0b\\u5e8f", "ProductVersion": "1.05", "Translation": "0x0804 0x04b0", "OriginalFilename": "MovieService.exe"}, "ssdeep": "6144:f6SYKHuMborPtOlw9Nlw9d9TiEEN0wJCKCIp0dOGWxqJfm:T60d92FMdv", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/3504272badbf9b6c1802b0b3132dd02b5c781b8b.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a9966bf888598a59ae0dc3090fbb5dad", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "3504272badbf9b6c1802b0b3132dd02b5c781b8b", "pe_timestamp": "2009-03-07 22:22:34", "virus_type": "3504272badbf9b6c1802b0b3132dd02b5c781b8b", "resource_attrs": {}, "section_attrs": {".data": 7.826595474349941}, "signature": [], "infos": {"sha1": "3504272badbf9b6c1802b0b3132dd02b5c781b8b", "name": "3504272badbf9b6c1802b0b3132dd02b5c781b8b", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "36bf109c6336e723d9ba219feccb4d0eba6df5aa28ec2b8e65a4a8b356cc9b96", "crc32": "05882703", "path": "./extract/3504272badbf9b6c1802b0b3132dd02b5c781b8b", "ssdeep": "3072:BJ3UY+AC+57decsTeqDCYYOSpCoy2w1Ni4qxbbrMbvT0q8O1cZPzQ7IXMBc+AMPI:/EYdC+yxsYYZHyXm7ZwvP6bQ7yMP+DEm", "size": 196608, "sha512": "6b1291ef37e335f55af8f7f8a38e3dce3c4bc7abf025802c020cd88d0552e31c3ff9dd7eb1ce7b7147ef78ea47353488a018fa9c5494ecb74124912a466472e1", "md5": "f5fd4c9e5f77402ce5c0cb5ee20bb979"}, "versioninfo": {}, "ssdeep": "3072:BJ3UY+AC+57decsTeqDCYYOSpCoy2w1Ni4qxbbrMbvT0q8O1cZPzQ7IXMBc+AMPI:/EYdC+yxsYYZHyXm7ZwvP6bQ7yMP+DEm", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "ws2_32.dll": ["inet_addr"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/3695193896b40f9c34ae1401c28e78e9.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "f433e7fcc51e68080022754836705744", "peid_signatures": null, "pe_filename": "3695193896b40f9c34ae1401c28e78e9", "pe_timestamp": "2009-09-03 22:08:39", "virus_type": "3695193896b40f9c34ae1401c28e78e9", "resource_attrs": {}, "section_attrs": {"izmg0utk": 7.58386706874724, "cvp82l73": 7.921766029150336}, "signature": [], "infos": {"sha1": "f57397caf739f490ebd3453e6091262bd87cad62", "name": "3695193896b40f9c34ae1401c28e78e9", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "a1712756fcc9853bf0448cc5a0f4b3383c531f9f69c7b54a5cc1c76ea839a079", "crc32": "5D05F5A9", "path": "./extract/3695193896b40f9c34ae1401c28e78e9", "ssdeep": "3072:3cL98ILuUI8deJENS1PfaaNy64iyE2zhb/lX9vyyPw+JFytSA0ar:sL+IL3NdCENQiaNkiyE2Fp5HPwCMSA0s", "size": 125440, "sha512": "d9513dcb3b355652a2cbf8079704a6ce58c962673181a5364957e9d00e734db1c85920bc40eac89dff67a509e6dc026ce5c9c758f22d63a2ac9b261b4a331000", "md5": "3695193896b40f9c34ae1401c28e78e9"}, "versioninfo": {}, "ssdeep": "3072:3cL98ILuUI8deJENS1PfaaNy64iyE2zhb/lX9vyyPw+JFytSA0ar:sL+IL3NdCENQiaNkiyE2Fp5HPwCMSA0s", "static_imports": {"count": 2, "kernel32.dll": ["GetModuleHandleA", "LoadLibraryA", "GetProcAddress", "ExitProcess", "VirtualAlloc", "VirtualFree"], "user32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/37550eba46987e9efef4bd20b2ba1ce4669f4b30.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "8d157a321d1f7b0dde121b1162fdf4b6", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "37550eba46987e9efef4bd20b2ba1ce4669f4b30", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "37550eba46987e9efef4bd20b2ba1ce4669f4b30", "resource_attrs": {}, "section_attrs": {"UPX1": 7.827406013580704, ".rsrc": 0.5307031813366818}, "signature": [], "infos": {"sha1": "37550eba46987e9efef4bd20b2ba1ce4669f4b30", "name": "37550eba46987e9efef4bd20b2ba1ce4669f4b30", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "176d97111dbd96e80a3c9ed30cd3ec83a1e0295e854cc65805747e320beefa03", "crc32": "3589106B", "path": "./extract/37550eba46987e9efef4bd20b2ba1ce4669f4b30", "ssdeep": "384:YRRuARafr9bCYPCH0E3Tvo8pJ39GF/15S1YMigCbJTkl:YRZRor9nPCL883394S1mgk", "size": 21504, "sha512": "fb1bb94a170f789ce90eb46cba21432478de57c7537d7f1c45ee95ad82f39ff20474caf41f0091bf13d8178c33cc08bd680ccc6f9e5c0909c6dbe1ef58b87297", "md5": "d402539fe17b578b418b63715581f3fe"}, "versioninfo": {}, "ssdeep": "384:YRRuARafr9bCYPCH0E3Tvo8pJ39GF/15S1YMigCbJTkl:YRZRor9nPCL883394S1mgk", "static_imports": {"count": 4, "ADVAPI32.dll": ["RegCloseKey"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["exit"], "SHELL32.dll": ["SHChangeNotify"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/3786556e91186f24188688438c99e3108b6352a3.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": null, "pe_filename": "3786556e91186f24188688438c99e3108b6352a3", "pe_timestamp": "2004-05-04 06:04:54", "virus_type": "3786556e91186f24188688438c99e3108b6352a3", "resource_attrs": {}, "section_attrs": {".text": 7.825616376749602, ".rsrc": 0.4098690993693455}, "signature": [], "infos": {"sha1": "3786556e91186f24188688438c99e3108b6352a3", "name": "3786556e91186f24188688438c99e3108b6352a3", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "71073e4053a1aa12ae989895018a027e708404d63d8c9b8206298811185dc91b", "crc32": "48110CDF", "path": "./extract/3786556e91186f24188688438c99e3108b6352a3", "ssdeep": "384:cFNpmKTRkcr1bnYPrBO7BYgv5Jhh3wYz5H9vROy1skzoBr7rku:aJVbxYGx5wAdvYYfoBV", "size": 79360, "sha512": "16fe78cfddcf970cdc76636df966781488319930b31e5d2385b70c354f38f814caa99e59e2432e9b78b207c4e4c309d44ea20726c13b97a61f2861d6835d9e51", "md5": "d3fba9e52c1bca960d54481f1e98e8f0"}, "versioninfo": {}, "ssdeep": "384:cFNpmKTRkcr1bnYPrBO7BYgv5Jhh3wYz5H9vROy1skzoBr7rku:aJVbxYGx5wAdvYYfoBV", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/385798ca82626eb399ceb3bc965e5ab3eb49502d.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a6a2981b62f118e69e748b2171d3146d", "peid_signatures": null, "pe_filename": "385798ca82626eb399ceb3bc965e5ab3eb49502d", "pe_timestamp": "2007-09-06 20:19:08", "virus_type": "385798ca82626eb399ceb3bc965e5ab3eb49502d", "resource_attrs": {}, "section_attrs": {".dsf": 7.9900392422410365}, "signature": [], "infos": {"sha1": "385798ca82626eb399ceb3bc965e5ab3eb49502d", "name": "385798ca82626eb399ceb3bc965e5ab3eb49502d", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "1e6f3a3b84f3ada131dd4c1564fc8146b4cf7c3e433ef7bce62672484ce2c313", "crc32": "26369D77", "path": "./extract/385798ca82626eb399ceb3bc965e5ab3eb49502d", "ssdeep": "1536:RmwoPfk3D2SknTaxWa++xmanuLu3jBvXHK9Zm:4woPc3D2BT5+cizp", "size": 54272, "sha512": "951253749557648d4c4aaed34cd5aa1b6a55b123f0b6ee3d3e596595b36571b6841da91e15e293e1b19108c11a23bf4edb3b7ebeaaaa2787f6ebc9328f64b10b", "md5": "63dddaa2cf49f73cad827682f7d73e28"}, "versioninfo": {}, "ssdeep": "1536:RmwoPfk3D2SknTaxWa++xmanuLu3jBvXHK9Zm:4woPc3D2BT5+cizp", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["_itoa"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegEnumValueA"], "WS2_32.dll": ["connect"], "USER32.dll": ["GetForegroundWindow"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/3b27600608432aa0e15203d40f6b4a3374d67941.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "dcd32fd1eefc3c1f5bcc67f2c3a0aa86", "peid_signatures": null, "pe_filename": "3b27600608432aa0e15203d40f6b4a3374d67941", "pe_timestamp": "2000-01-01 20:00:00", "virus_type": "3b27600608432aa0e15203d40f6b4a3374d67941", "resource_attrs": {}, "section_attrs": {".text": 5.0029866725255046, ".rsrc": 3.8673212926660816}, "signature": [], "infos": {"sha1": "3b27600608432aa0e15203d40f6b4a3374d67941", "name": "3b27600608432aa0e15203d40f6b4a3374d67941", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "70c8d2755cb7c077920171da388fd48ea8f85c5972ad7bd811b5aa5521b90e12", "crc32": "DECF6FB1", "path": "./extract/3b27600608432aa0e15203d40f6b4a3374d67941", "ssdeep": "768:1ZEJbR6hcGvAAYD/tgTVH7NHaurxmWXOQfwoObuPb77eU:1ZEbKAZ/ml5lXAoO+H7d", "size": 49152, "sha512": "f50c3b77268c30a4ec04f3763c117704363ec3fb0487eff9ae46f0625de93b864e2ebe640279529dae4c595c3c23d74c9ae27e242e3a6bec7f3919e066a34621", "md5": "ab35779c03b3396c199fa48135cf5af5"}, "versioninfo": {"1": ""}, "ssdeep": "768:1ZEJbR6hcGvAAYD/tgTVH7NHaurxmWXOQfwoObuPb77eU:1ZEbKAZ/ml5lXAoO+H7d", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "c5f8c164ab5c8a7c23939c338d5313b0", "peid_signatures": null, "pe_filename": "3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d", "resource_attrs": {}, "section_attrs": {"CODE": 6.31013724924959, ".rsrc": 7.981516596730876, ".idata": 3.7171766070413454, ".rdata": 0.19743807838821048, ".reloc": 5.529914821759447, "DATA": 1.3071696110637494}, "signature": [], "infos": {"sha1": "3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d", "name": "3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "2898f055b8482d74fcb737484b20ab8700d5e705e1878dc96944513c274122d2", "crc32": "E1AAAE71", "path": "./extract/3d1dfd59c252f2e87c7b9a4999c8e407ddfcea2d", "ssdeep": "3072:RYSyLbuvTSuCn2dyem9HGtdFhIG8EmF4oiZo9YU8W:PYyb6n2dzm9HGtnhxDmF4owo9Yy", "size": 138752, "sha512": "cc9d01673ccf1700f1318605985668e1ff3a477437cc6458a2e0116fd02e970390f11745af0f7667dc089b226ce6b3e40bfd42827b095a317400ae047d771c23", "md5": "d85ebb922053e07a7f7bbe737680b718"}, "versioninfo": {}, "ssdeep": "3072:RYSyLbuvTSuCn2dyem9HGtdFhIG8EmF4oiZo9YU8W:PYyb6n2dzm9HGtnhxDmF4owo9Yy", "static_imports": {"count": 3, "kernel32.dll": ["LoadLibraryExA"], "oleaut32.dll": ["SysFreeString", "SysReAllocStringLen"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/400122926ee4751a493dbfbcab1f95128f68ff52.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": ["Armadillo v1.71"], "pe_filename": "400122926ee4751a493dbfbcab1f95128f68ff52", "pe_timestamp": "2010-07-31 10:56:41", "virus_type": "400122926ee4751a493dbfbcab1f95128f68ff52", "resource_attrs": {}, "section_attrs": {".rdata": 5.006503346183283, ".text": 6.514281649041348}, "signature": [], "infos": {"sha1": "400122926ee4751a493dbfbcab1f95128f68ff52", "name": "400122926ee4751a493dbfbcab1f95128f68ff52", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "5d91603d00e6a36f6ffe03649835abf68a9d26632155722e6dae84afc72c8f1b", "crc32": "72704154", "path": "./extract/400122926ee4751a493dbfbcab1f95128f68ff52", "ssdeep": "12288:HgQmd5EbCNAjtdZOdTt+x/Qtny2fLK+LVfEZlPEGgZp:H0EON0tdZOdT/mKZ", "size": 534193, "sha512": "d84c7c4f87e0c1da4d2e6ebae66609b07276dfeb63c3706140b3453f490fb1e726d2e952d9bdc324d073b5e94ccb70cc23bc3bbe876288d4f03b2401931240f1", "md5": "8e4abcbec13aa44d1d04de50fbab8166"}, "versioninfo": {}, "ssdeep": "12288:HgQmd5EbCNAjtdZOdTt+x/Qtny2fLK+LVfEZlPEGgZp:H0EON0tdZOdT/mKZ", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4001b79446495905acd405991c22b34963089905.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US", "NEUTRAL"], "pe_imphash": "51ac69e907ed9baf944b6ba09eb3292d", "peid_signatures": null, "pe_filename": "4001b79446495905acd405991c22b34963089905", "pe_timestamp": "2011-10-20 02:16:12", "virus_type": "4001b79446495905acd405991c22b34963089905", "resource_attrs": {}, "section_attrs": {".data": 7.849872403547931, ".idata": 4.1145303057752605, ".text": 6.403684565318365, ".rsrc": 1.950196267737205}, "signature": [], "infos": {"sha1": "4001b79446495905acd405991c22b34963089905", "name": "4001b79446495905acd405991c22b34963089905", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "39836a2362be326790bdde7e63cbb3f43b72ac323e2f25143a444048964861e6", "crc32": "51F6EAB8", "path": "./extract/4001b79446495905acd405991c22b34963089905", "ssdeep": "6144:rPwI0zUX2Gop14nDWgRAkPwjzTvVGQn8xID0DMFYvtYoDqTzcDax:rPwXzUGHIR3PwBGLxe0Dd1ZWT8ax", "size": 294912, "sha512": "79668d40302ae88be4246140ea4069c82a01b699961ecd6ae2dd13303222b3fdf59f35601af4e4f1a48d15db3f9bcae79fe9af367d6ac2c3fbf63b7bc6aef950", "md5": "bb0fe4c4af409baaf090d03d062ea724"}, "versioninfo": {}, "ssdeep": "6144:rPwI0zUX2Gop14nDWgRAkPwjzTvVGQn8xID0DMFYvtYoDqTzcDax:rPwXzUGHIR3PwBGLxe0Dd1ZWT8ax", "static_imports": {"count": 6, "winmm.dll": ["waveOutGetPosition"], "kernel32.dll": ["GetCurrentProcessId"], "advapi32.dll": ["RegOpenKeyExA"], "shlwapi.dll": ["StrStrA"], "user32.dll": ["SetWindowTextA"], "comctl32.dll": ["InitCommonControls"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4181cba9401699521c298a5d7d541c0c.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "3e9df19453971adde27dc23311ba8014", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "4181cba9401699521c298a5d7d541c0c.bin", "pe_timestamp": "2011-12-03 17:48:53", "virus_type": "4181cba9401699521c298a5d7d541c0c", "resource_attrs": {}, "section_attrs": {".data": 7.81920496188563, ".rsrc": 1.9559210192764656}, "signature": [], "infos": {"sha1": "121cc9877427903cd269544bd6e63e8fd6312c9a", "name": "4181cba9401699521c298a5d7d541c0c.bin", "type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "400e938244e767a72391bee7868fdde39aa36dc750fbbc5459409ef736b5d570", "crc32": "59F24ADE", "path": "./extract/4181cba9401699521c298a5d7d541c0c.bin", "ssdeep": "6144:UfUIlVdX70qlmB9TaTcYQMzFC0TQ7kGjB9EtSATC9U9pREnVW5GJZ2tNYLj8Mfs8:WdbdX4pTa6XAQ4GjgtSAGO93cVzYKj88", "size": 345600, "sha512": "fd4fd9010aacdce7dbc5690528d79e785e6872b2d0e984e089e45dbd8ac4f060d295775e44b186a3fa601972096b26a15848a8d299537028279d20c905bfbe84", "md5": "4181cba9401699521c298a5d7d541c0c"}, "versioninfo": {"InternalName": "0", "FileVersion": "1.02.0002", "CompanyName": "Dm4r HaCkEr", "ProductName": "Project1", "ProductVersion": "1.02.0002", "Translation": "0x0409 0x04b0", "OriginalFilename": "0.exe"}, "ssdeep": "6144:UfUIlVdX70qlmB9TaTcYQMzFC0TQ7kGjB9EtSATC9U9pREnVW5GJZ2tNYLj8Mfs8:WdbdX4pTa6XAQ4GjgtSAGO93cVzYKj88", "static_imports": {"count": 6, "kernel32.dll": ["RaiseException"], "oleaut32.dll": ["VariantChangeTypeEx"], "advapi32.dll": ["RegCloseKey"], "ole32.dll": ["OleRun"], "user32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/41f9bb321a0fac15b712da604bc68574.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "7bcb4be8a284e4ec65e8f7af4ff9f3bc", "peid_signatures": null, "pe_filename": "41f9bb321a0fac15b712da604bc68574", "pe_timestamp": "2012-04-19 23:46:35", "virus_type": "41f9bb321a0fac15b712da604bc68574", "resource_attrs": {}, "section_attrs": {".MPRESS1": 4.96753917749195, ".MPRESS2": 5.018100602851341, ".rsrc": 2.0806245657541345}, "signature": [], "infos": {"sha1": "769c97fbf99eea281c75dde9bffa190395a4eb0c", "name": "41f9bb321a0fac15b712da604bc68574", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "2e90f75a5084ac0c7b0f6988d1efae8d3f89547297ab8cf2f81b85cc55607539", "crc32": "6D5C98DA", "path": "./extract/41f9bb321a0fac15b712da604bc68574", "ssdeep": "3072:1YjX0e1FB/DpKjCLHqSKiTCs5TKzioAv7RCpirrntCAuLDMWbQFp2Io:1YXTC41ogdCpirr0TLDMWcaI", "size": 352256, "sha512": "ae12b25879f4dd560f46ecfc143e8a764e9044a484fe5f188f49b628968f71c8f811477a03a2edccaee3dabce862e5ec1cfccfc6a4db1a80ad32bf5ce5afe83e", "md5": "41f9bb321a0fac15b712da604bc68574"}, "versioninfo": {"LegalCopyright": "YqEOxx", "InternalName": "Stub", "FileVersion": "1.00", "CompanyName": "kJyvp", "Comments": "EbxVcYjnBQZi", "ProductName": "KKJNzszeqq", "ProductVersion": "1.00", "FileDescription": "QxThvdu", "Translation": "0x0409 0x04b0", "OriginalFilename": "Stub.exe"}, "ssdeep": "3072:1YjX0e1FB/DpKjCLHqSKiTCs5TKzioAv7RCpirrntCAuLDMWbQFp2Io:1YXTC41ogdCpirr0TLDMWcaI", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/422e369818e19adf22311721604f8908c83873c1.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "422e369818e19adf22311721604f8908c83873c1", "pe_timestamp": "2014-07-18 06:48:41", "virus_type": "422e369818e19adf22311721604f8908c83873c1", "resource_attrs": {}, "section_attrs": {".rsrc": 5.390503100452455, ".reloc": 4.667248514425589, ".rdata": 5.103979874807207, ".data": 4.7789203875779585, ".pdata": 5.925492047501894, ".text": 6.541001857820772}, "signature": [], "infos": {"sha1": "422e369818e19adf22311721604f8908c83873c1", "name": "422e369818e19adf22311721604f8908c83873c1", "type": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows", "sha256": "1dc8b690329d1dfd9462afa09b81c7cabf7b13fcd05ee99da767dfa396ae738b", "crc32": "EB692E09", "path": "./extract/422e369818e19adf22311721604f8908c83873c1", "ssdeep": "24576:4b3VTMAJAB8/PFqilVm4rI1S3LyJiCzZEzi5KKzZ3JpKlMGWnj2z31mlnZ:4bFTu8aOIk3LyhEzVQZiHWnyC", "size": 1647831, "sha512": "375b5c813092ca3db90ed832972c3856375b8482b1f90b212cbc3a84b1dd76a8da027eab6d22f9496fec2f92b50e0e7896e4918b521ce42f5cfdc5e00349d06c", "md5": "4047b8c5d3093364789639e8ad6b3c09"}, "versioninfo": {}, "ssdeep": "24576:4b3VTMAJAB8/PFqilVm4rI1S3LyJiCzZEzi5KKzZ3JpKlMGWnj2z31mlnZ:4bFTu8aOIk3LyhEzVQZiHWnyC", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4358726c452420dc7a25c1acb4ef7620.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "3e9df19453971adde27dc23311ba8014", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "4358726c452420dc7a25c1acb4ef7620.bin", "pe_timestamp": "2011-12-03 17:48:53", "virus_type": "4358726c452420dc7a25c1acb4ef7620", "resource_attrs": {}, "section_attrs": {".data": 7.81943267800044, ".rsrc": 1.9559210192764656}, "signature": [], "infos": {"sha1": "a486afe40794def510b76ad58b59afd6a624374d", "name": "4358726c452420dc7a25c1acb4ef7620.bin", "type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "0dbc7835389ac1425325a60cdbc89651ff9043b2ad89fc0c120f356adc8b1c70", "crc32": "2A7E5A8A", "path": "./extract/4358726c452420dc7a25c1acb4ef7620.bin", "ssdeep": "6144:UfUIlVdvsHu9VYTNl/UBnw1qHnVW5GJZ2tNYLj8Mfsr+kqmHNApZOU:WdbdvsH4aTOpVzYKj86srcpZT", "size": 371245, "sha512": "686a742bb95aa55229611e7df1b9f6924aa93da589e0e18e373214cd562fbb8f2f6c46de5268d9f58d393511d905428d57d6a4d22a8f16f456d45cce53fe3042", "md5": "4358726c452420dc7a25c1acb4ef7620"}, "versioninfo": {"InternalName": "0", "FileVersion": "1.02.0002", "CompanyName": "Dm4r HaCkEr", "ProductName": "Project1", "ProductVersion": "1.02.0002", "Translation": "0x0409 0x04b0", "OriginalFilename": "0.exe"}, "ssdeep": "6144:UfUIlVdvsHu9VYTNl/UBnw1qHnVW5GJZ2tNYLj8Mfsr+kqmHNApZOU:WdbdvsH4aTOpVzYKj86srcpZT", "static_imports": {"count": 6, "kernel32.dll": ["RaiseException"], "oleaut32.dll": ["VariantChangeTypeEx"], "advapi32.dll": ["RegCloseKey"], "ole32.dll": ["OleRun"], "user32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/43de0e1ba70e0ea0f0ca180e040913ee6eb61c53.json: -------------------------------------------------------------------------------- 1 | {"languages": ["CHINESE", "CHINESE_SIMPLIFIED", "NEUTRAL"], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": ["PECompact 2.xx (Slim Loader) --> BitSum Technologies"], "pe_filename": "43de0e1ba70e0ea0f0ca180e040913ee6eb61c53", "pe_timestamp": "2008-01-31 10:47:00", "virus_type": "43de0e1ba70e0ea0f0ca180e040913ee6eb61c53", "resource_attrs": {}, "section_attrs": {".text": 7.938238837945412, ".rsrc": 6.010543651240015}, "signature": [], "infos": {"sha1": "43de0e1ba70e0ea0f0ca180e040913ee6eb61c53", "name": "43de0e1ba70e0ea0f0ca180e040913ee6eb61c53", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "56668f809bc2ab3b1ecf25452e09b951cd4b37f140820f7ea3206a614122cd63", "crc32": "1F2493B7", "path": "./extract/43de0e1ba70e0ea0f0ca180e040913ee6eb61c53", "ssdeep": "3072:fRnMCPM7AVD431QSmm4QU2wtYJ20K6PD:fRnrPdD4uhQUoi67", "size": 134144, "sha512": "bd8f3ee68d5b79a9b2d56305b1e755f9333738e1394448b3cbc13e0a0fc271c4c3ea783542f57ba67e7c48a1166d570c4c6e17951c3beb33ea5fa95314621a1f", "md5": "ac671c54734223697b79ff5ed8fcd8d9"}, "versioninfo": {"LegalCopyright": "Copyright (C) 2003", "InternalName": "freegate", "FileVersion": "1, 0, 0, 1", "FileDescription": "freegate MFC Application", "CompanyName": "", "SpecialBuild": "", "LegalTrademarks": "", "Comments": "", "ProductName": "freegate Application", "ProductVersion": "1, 0, 0, 1", "PrivateBuild": "", "Translation": "0x0409 0x04b0", "OriginalFilename": "freegate.EXE"}, "ssdeep": "3072:fRnMCPM7AVD431QSmm4QU2wtYJ20K6PD:fRnrPdD4uhQUoi67", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/43e338d3f35840f5a2a895a4328c9a1d00e84aff.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "43e338d3f35840f5a2a895a4328c9a1d00e84aff", "pe_timestamp": "2012-03-19 04:09:04", "virus_type": "43e338d3f35840f5a2a895a4328c9a1d00e84aff", "resource_attrs": {}, "section_attrs": {".data": 7.73239970968027}, "signature": [], "infos": {"sha1": "43e338d3f35840f5a2a895a4328c9a1d00e84aff", "name": "43e338d3f35840f5a2a895a4328c9a1d00e84aff", "type": "PE32 executable Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "c491142c32a1c58b3b19b302b29faf466919aef201e9f8d60822cdb6483739af", "crc32": "1638BEC9", "path": "./extract/43e338d3f35840f5a2a895a4328c9a1d00e84aff", "ssdeep": "6144:wyPZ0gn8DrZJ9DNtMc769/cbS+l21Y0wNGibjLQ5d:FZ8PZJFMc769khgqhYowd", "size": 231936, "sha512": "a90dfd6716e7e81fff62beddda60e42e463ff1da61100a6128023bccfac44f84b4bd82bbf9d71fceb879f0f2f58538772c210519a21d5aa0a5534a076b12d863", "md5": "a029bd87d9a4e33767cad76d9ca9e394"}, "versioninfo": {}, "ssdeep": "6144:wyPZ0gn8DrZJ9DNtMc769/cbS+l21Y0wNGibjLQ5d:FZ8PZJFMc769khgqhYowd", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4633c8e47d0ec78033477b9a8bffaaedbe3bd62e.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": ["PENinja"], "pe_filename": "4633c8e47d0ec78033477b9a8bffaaedbe3bd62e", "pe_timestamp": "2015-06-15 19:11:27", "virus_type": "4633c8e47d0ec78033477b9a8bffaaedbe3bd62e", "resource_attrs": {}, "section_attrs": {".text": 6.474699540015526}, "signature": [], "infos": {"sha1": "4633c8e47d0ec78033477b9a8bffaaedbe3bd62e", "name": "4633c8e47d0ec78033477b9a8bffaaedbe3bd62e", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "9cf18f4b0fd5484e9219c316c07a5f73671a5dbf9ba4b9337002566cbb5fefca", "crc32": "1AE2E8B8", "path": "./extract/4633c8e47d0ec78033477b9a8bffaaedbe3bd62e", "ssdeep": "768:WCPuI6Wc1d73ckXV7riuiwrj5ta+hZPng2PypMS8Kq:Wo36WE73ckViiHa+znorxq", "size": 49152, "sha512": "8afde3d03a8008912188a4ef58838e0500f5546d886c1e74bc38e644d76e3061d0c70f742fcac3021be08ad54cb62ac0f3482b42fd5a2d404421e3e49da697a8", "md5": "ce62d50d880d2b93523e05026e4221bf"}, "versioninfo": {}, "ssdeep": "768:WCPuI6Wc1d73ckXV7riuiwrj5ta+hZPng2PypMS8Kq:Wo36WE73ckViiHa+znorxq", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "194b4c1beb28aad856d7b54717241d80", "peid_signatures": null, "pe_filename": "476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8", "pe_timestamp": "2009-01-20 21:49:03", "virus_type": "476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8", "resource_attrs": {}, "section_attrs": {"bgbtuwnj": 7.970728008630348, "mydrmcol": 0.7402094403890207, "keeoidlq": 7.914238104402321, "oskmhwhf": 0.28695107134607895}, "signature": [], "infos": {"sha1": "476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8", "name": "476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "c7f697d8e62a053d2e8a7440036d4192ab9f5116db60c30dd039eb0ba9902f77", "crc32": "6A05A119", "path": "./extract/476ea5ce0b3a1fc4a5eab73239786a1340b7dbe8", "ssdeep": "12288:sygsDEgpAAx6Eu5P5sZB04VEPNwlo/Cs4Dbazkn41GmJ73pQgTecVo8dVSg115R9:2sDEgpUFP5QSPNwlo/8nazS41rl39ecT", "size": 720896, "sha512": "cdedeb344cb5411a9467be9cb8eee151131ff99ecdcd794c08fc0792256cb5f496b3cb9d6c15ffade8e008e8719b5a37d5b794d07207580498eb27bcc8989fd1", "md5": "b737b857dcc0e11419d6352def33a862"}, "versioninfo": {}, "ssdeep": "12288:sygsDEgpAAx6Eu5P5sZB04VEPNwlo/Cs4Dbazkn41GmJ73pQgTecVo8dVSg115R9:2sDEgpUFP5QSPNwlo/8nazS41rl39ecT", "static_imports": {"count": 1, "kernel32.dll": ["GetDateFormatA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4a286e354c01441fbe5313e959f653cf.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "05a1e71ec1b63590b6b8ac66a4b33c41", "peid_signatures": null, "pe_filename": "4a286e354c01441fbe5313e959f653cf", "pe_timestamp": "2011-01-02 04:09:34", "virus_type": "4a286e354c01441fbe5313e959f653cf", "resource_attrs": {}, "section_attrs": {"UPX2": 7.991642077064105, "UPX1": 7.876144980138554}, "signature": [], "infos": {"sha1": "fa0b1986a2367535cc4973064e789beab30a03cb", "name": "4a286e354c01441fbe5313e959f653cf", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "9434581a0ed5aeb09bd7d6e25fb8089e00daa5f52825f7613523a9f1a1fa49e4", "crc32": "682157FC", "path": "./extract/4a286e354c01441fbe5313e959f653cf", "ssdeep": "1536:EYGKxlMviy0egpvArCK0IheMo5nIhvJ8bLtJwKHS+w4rLE/kPYYbSGQS3OiVdla7:PLFy0FpoGK0IGBtJX0P/k1Si3OiVdk7", "size": 100000, "sha512": "c0382123a1258998b4512e836a34338e7136fc05adf6b2ad1248a90db1bfca7575f9ee218f5d554aa7a2ed0a5959bd86bf2e67e87b87aba84a0074f209bd2b51", "md5": "4a286e354c01441fbe5313e959f653cf"}, "versioninfo": {}, "ssdeep": "1536:EYGKxlMviy0egpvArCK0IheMo5nIhvJ8bLtJwKHS+w4rLE/kPYYbSGQS3OiVdla7:PLFy0FpoGK0IGBtJX0P/k1Si3OiVdk7", "static_imports": {"count": 8, "iphlpapi.dll": ["GetAdaptersInfo"], "WININET.dll": ["FtpOpenFileA"], "SHELL32.dll": ["SHGetFolderPathA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["memcpy"], "ADVAPI32.dll": ["CredFree"], "WS2_32.dll": ["WSAStartup"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4ba444d4f6fae6436cc644926c047d192c15cae9.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a9966bf888598a59ae0dc3090fbb5dad", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "4ba444d4f6fae6436cc644926c047d192c15cae9", "pe_timestamp": "2009-03-07 22:22:34", "virus_type": "4ba444d4f6fae6436cc644926c047d192c15cae9", "resource_attrs": {}, "section_attrs": {".data": 7.826595474349941}, "signature": [], "infos": {"sha1": "4ba444d4f6fae6436cc644926c047d192c15cae9", "name": "4ba444d4f6fae6436cc644926c047d192c15cae9", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "5b96ecea337974cbdfe2903683c9abf9e59b249b9ab2d84f8a190f534839dc81", "crc32": "D8FE595A", "path": "./extract/4ba444d4f6fae6436cc644926c047d192c15cae9", "ssdeep": "6144:/EYdC+yxsYYZHyXm7ZwvP6bQ7yMP+DE827HkI/wAaaa:4vxsYY5u6b7MP+Dd2Tk9Aaaa", "size": 199680, "sha512": "fe4b9a7068287bd9325d60d8150b2f8a348233c862df290d7ae824a5f250f34e816555a4cff53fabe55619e99fee380b94aa054c3a51486ebf6af959f734f6d6", "md5": "a26da42eb3faa413d28f0c9452869473"}, "versioninfo": {}, "ssdeep": "6144:/EYdC+yxsYYZHyXm7ZwvP6bQ7yMP+DE827HkI/wAaaa:4vxsYY5u6b7MP+Dd2Tk9Aaaa", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "ws2_32.dll": ["inet_addr"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4f556a60e217594ea517b3db940e7e25.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["RUSSIAN"], "pe_imphash": "96ebc9478bc2847e89056c738f81452c", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "4f556a60e217594ea517b3db940e7e25.bin", "pe_timestamp": "2007-03-25 21:26:42", "virus_type": "4f556a60e217594ea517b3db940e7e25", "resource_attrs": {}, "section_attrs": {".rbss": 7.991525843082477, ".flat": 7.566628977798276, ".aspack": 5.800507864562779, "DexCrypt": 4.4498803454010725, ".rsrc": 7.998598151665264}, "signature": [], "infos": {"sha1": "62f9b99c095620ea845e510a338d70d53f710611", "name": "4f556a60e217594ea517b3db940e7e25.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "3952a4034f3bdb97577839ffe480eae4998d3628bdb1e0e9ff68cb110d1e34ef", "crc32": "81795D50", "path": "./extract/4f556a60e217594ea517b3db940e7e25.bin", "ssdeep": "12288:HTMFUzHW/dLdSdn2oOluPMwFKXJCF3tiTS5Jthb:z/S/d0dn2LsFKXEFdYCb", "size": 496224, "sha512": "3629e4de64d347cf9e98cd560f249984929d9004b8683818cbc888548261aef33d79aa56066a74be8e19d24857d5fdd924d02ea6523f0300bc1abebd583468cd", "md5": "4f556a60e217594ea517b3db940e7e25"}, "versioninfo": {}, "ssdeep": "12288:HTMFUzHW/dLdSdn2oOluPMwFKXJCF3tiTS5Jthb:z/S/d0dn2LsFKXEFdYCb", "static_imports": {"count": 4, "kernel32.dll": ["GetProcAddress", "GetModuleHandleA", "LoadLibraryA"], "winmm.dll": ["waveOutClose"], "gdi32.dll": ["BitBlt"], "user32.dll": ["GetDesktopWindow"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/4fa26c69c7bf87cba26b27030465a284.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "290eb974ab667a6c7e8a85c86ccb6c12", "peid_signatures": null, "pe_filename": "4fa26c69c7bf87cba26b27030465a284", "pe_timestamp": "2012-03-29 20:38:45", "virus_type": "4fa26c69c7bf87cba26b27030465a284", "resource_attrs": {}, "section_attrs": {".rsrc": 6.987705016937447}, "signature": [], "infos": {"sha1": "c3a235cfcef113cfce6a558c0185178ff98800d8", "name": "4fa26c69c7bf87cba26b27030465a284", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "fb56e288eedf4410eaccfc35435ed7dd8226eb0f36c38c1eb8c34fb7346a0eb8", "crc32": "76288AA8", "path": "./extract/4fa26c69c7bf87cba26b27030465a284", "ssdeep": "12288:BE2kEF0bPhcAosmbR3gfOj6KTGfE4hLMV5MT7o4N5T4g:BjkWEPWttj6KTGFwkA4jT", "size": 514048, "sha512": "019e3d827a8e013e22db3314f32b265be5b7c76422c1731f1f38af28d51f3511e51e208fed3034ec8f1e9d965a0a02aa7ee031195aa409e9de0f96bb3836c0e8", "md5": "4fa26c69c7bf87cba26b27030465a284"}, "versioninfo": {"LegalCopyright": "hjgfj", "InternalName": "cow__boy", "FileVersion": "6.42.0009", "CompanyName": "gh", "LegalTrademarks": "jhhgghjghzdf", "Comments": "ghgfh", "ProductName": "ghgfmghj", "ProductVersion": "6.42.0009", "FileDescription": "gfghf", "Translation": "0x0409 0x04b0", "OriginalFilename": "cow__boy.exe"}, "ssdeep": "12288:BE2kEF0bPhcAosmbR3gfOj6KTGfE4hLMV5MT7o4N5T4g:BjkWEPWttj6KTGFwkA4jT", "static_imports": {"count": 3, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"], "msvbvm60.dll": ["__vbaStrI2"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/50298fc7781d742903e5deadb3d8611c.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": null, "pe_filename": "50298fc7781d742903e5deadb3d8611c", "pe_timestamp": "2012-03-02 02:48:21", "virus_type": "50298fc7781d742903e5deadb3d8611c", "resource_attrs": {}, "section_attrs": {".text": 7.997276574156279, ".rsrc": 5.043636276543878}, "signature": [], "infos": {"sha1": "179ffee9b552a129764fe442893cda9a2dcefdff", "name": "50298fc7781d742903e5deadb3d8611c", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "44b453d69f15a17ff5f0640f46de7f57599881b2fbb7287b4e8e39befe9d66e7", "crc32": "C5EBD9E1", "path": "./extract/50298fc7781d742903e5deadb3d8611c", "ssdeep": "3072:MMvgGiPR0jrbBw0OzzBMWHEnpEuLPLIHtjG2:Mmg9p2rbi0OPB8y8PL", "size": 155648, "sha512": "112812ac9965b9a9d63132aa522e925cdbfe02888a1f7d6e2049ba6eb3e194cd08ae08c5349842a0b1b8042596da277ce331885ffa153cf2a1813587cdb85259", "md5": "50298fc7781d742903e5deadb3d8611c"}, "versioninfo": {"LegalCopyright": "hrpfgug", "InternalName": "test", "FileVersion": "7.04.0013", "CompanyName": "srtnknejjqrtpekha", "LegalTrademarks": "mhvddceorul", "Comments": "qcoqaentoithgsk", "ProductName": "qbcealrohvajvbhg", "ProductVersion": "7.04.0013", "FileDescription": "mocosqcaktiedhpvi", "Translation": "0x0409 0x04b0", "OriginalFilename": "test.exe"}, "ssdeep": "3072:MMvgGiPR0jrbBw0OzzBMWHEnpEuLPLIHtjG2:Mmg9p2rbi0OPB8y8PL", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/5473619c9327af4ec0573e0d119615edc5a36167.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "1d90cb945533f81b2d15a201906421d5", "peid_signatures": null, "pe_filename": "5473619c9327af4ec0573e0d119615edc5a36167", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "5473619c9327af4ec0573e0d119615edc5a36167", "resource_attrs": {}, "section_attrs": {"CODE": 6.466492363244631, ".rsrc": 7.964367468877508, ".idata": 3.2359248474918276, ".rdata": 0.2044881574398449, ".reloc": 5.993014514961644, "DATA": 2.815715049134793}, "signature": [], "infos": {"sha1": "5473619c9327af4ec0573e0d119615edc5a36167", "name": "5473619c9327af4ec0573e0d119615edc5a36167", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "3169817eb045d374f82be29c937b3cf28d31e89e3510109ddabd5013dd846b2e", "crc32": "8E35AA72", "path": "./extract/5473619c9327af4ec0573e0d119615edc5a36167", "ssdeep": "1536:zCR00qbGHbzKiYC8AxdvDgB8vP/to4SY0UyRDEJkqKNjfLW:hw/Ki3dL06P/toI0rVND", "size": 86528, "sha512": "039591b72a4f24d033b7880cabe401b3846a00392906edb1ef011ebd031085763563ef8961c99d969a10f866a489113e12ef343e8089f5d45da015081a1690ac", "md5": "3f0e3b95f79bf5a0629825f6958c23b7"}, "versioninfo": {}, "ssdeep": "1536:zCR00qbGHbzKiYC8AxdvDgB8vP/to4SY0UyRDEJkqKNjfLW:hw/Ki3dL06P/toI0rVND", "static_imports": {"count": 6, "advapi32.dll": ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"], "kernel32.dll": ["Sleep", "LoadLibraryA", "GetTickCount"], "user32.dll": ["TranslateMessage", "PostQuitMessage", "PeekMessageA", "DispatchMessageA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/549989483e0736dc58d38543eec2d0a7b4470a91.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "549989483e0736dc58d38543eec2d0a7b4470a91", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "549989483e0736dc58d38543eec2d0a7b4470a91", "resource_attrs": {}, "section_attrs": {"CODE": 7.994263964663248}, "signature": [], "infos": {"sha1": "549989483e0736dc58d38543eec2d0a7b4470a91", "name": "549989483e0736dc58d38543eec2d0a7b4470a91", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "74e2e2711af403e64e24ffbfae9490cd72c443d426c94c1d44feff3f865373b5", "crc32": "D6D11C96", "path": "./extract/549989483e0736dc58d38543eec2d0a7b4470a91", "ssdeep": "768:jFbZnM/FqyQn79M7o3B67jSxBmMqj0aDYLdZMr+dNUebozs:jFbZKFqyQ4KBajGdq4aDqZbdaOozs", "size": 33280, "sha512": "a806fd5e381f7fa41d84903a59671d3b152f1f3cb12a1a2368fc13bef7876fd4f180bd5a11205458e50f92f1b0a241bc9cd8bf9dc53d7edc36f388d409eb3c3d", "md5": "50caa09561decd84c5c4817a73effb90"}, "versioninfo": {}, "ssdeep": "768:jFbZnM/FqyQn79M7o3B67jSxBmMqj0aDYLdZMr+dNUebozs:jFbZKFqyQ4KBajGdq4aDqZbdaOozs", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/559e3f3f9637988a698c36ed3c75547a.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US", "NEUTRAL", "CHINESE", "CHINESE_SIMPLIFIED"], "pe_imphash": "baa93d47220682c04d92f7797d9224ce", "peid_signatures": null, "pe_filename": "559e3f3f9637988a698c36ed3c75547a", "pe_timestamp": "1997-01-10 22:06:34", "virus_type": "559e3f3f9637988a698c36ed3c75547a", "resource_attrs": {}, "section_attrs": {" ": 0.04052010592347304, "kmsctdip": 7.832875919008204, ".idata ": 0.19631332759895523, "qlbsdysu": 6.944983505147184, ".rsrc": 7.272277589744877}, "signature": [], "infos": {"sha1": "d795d30066c3a795835204c6a1f260047377a86b", "name": "559e3f3f9637988a698c36ed3c75547a", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "4e89828f93e348207b97bc2600f1d5a01a5c15dcde79bd645dcd88680855f982", "crc32": "9925F9D0", "path": "./extract/559e3f3f9637988a698c36ed3c75547a", "ssdeep": "24576:pjgG7En2lXVKB6y9RRLzPzJgBmld1GgnQqHUhWqDdNBJ+mL5vgvSTH39S:pjgGCMX8p9RRLzlgBC/56WqDdDJT4aTk", "size": 1216512, "sha512": "5141863ee8fb47cf68cbee5f0a9c2dac79dd2e4241db171af9a6a01b4196e0d05f5a9cb8e29ca89703209294a30fe32c4628cc6881f03850874f7dce9ce50d54", "md5": "559e3f3f9637988a698c36ed3c75547a"}, "versioninfo": {}, "ssdeep": "24576:pjgG7En2lXVKB6y9RRLzPzJgBmld1GgnQqHUhWqDdNBJ+mL5vgvSTH39S:pjgGCMX8p9RRLzlgBC/56WqDdDJT4aTk", "static_imports": {"count": 2, "kernel32.dll": ["lstrcpy"], "comctl32.dll": ["InitCommonControls"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/586b41eec6360ede063760d878b164623665ce8c.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "5f116d8e20f7d894b4b4ecbad1704009", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "586b41eec6360ede063760d878b164623665ce8c", "pe_timestamp": "1996-12-17 21:57:10", "virus_type": "586b41eec6360ede063760d878b164623665ce8c", "resource_attrs": {}, "section_attrs": {"UPX1": 7.844537528406964, ".rsrc": 2.778183588777773}, "signature": [], "infos": {"sha1": "586b41eec6360ede063760d878b164623665ce8c", "name": "586b41eec6360ede063760d878b164623665ce8c", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "7f5e67bbeedd48fd23865f90a5f96117a98bd8af203b69fcd93500fce70ab26d", "crc32": "E3B53793", "path": "./extract/586b41eec6360ede063760d878b164623665ce8c", "ssdeep": "384:d55o+pfW5TnwwmlvDy/EgZnur6XYMV33cXHCzHO:ra+MTnYvDQEgZur6XY83oHCzH", "size": 25600, "sha512": "7434d1875f9dbdfb871bdea29d9db404b09bdaa44dbab53ff6acc115d90806ef13e65e340822155173a91636d4bc27790e2837893376d0f27f5a8db621c342d9", "md5": "8d518b85486ab4ee62b7bb7e6b784c8f"}, "versioninfo": {"Translation": "0x0409 0x04b0"}, "ssdeep": "384:d55o+pfW5TnwwmlvDy/EgZnur6XYMV33cXHCzHO:ra+MTnYvDQEgZur6XY83oHCzH", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/59851d6bd8035a72c7563c53a686f764.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "63bdc560787fb0932fe693d321661b8a", "peid_signatures": null, "pe_filename": "59851d6bd8035a72c7563c53a686f764", "pe_timestamp": "2011-02-25 01:57:44", "virus_type": "59851d6bd8035a72c7563c53a686f764", "resource_attrs": {}, "section_attrs": {".MPRESS1": 7.999348925868142, ".MPRESS2": 6.499486357203359, ".rsrc": 4.903732576577892}, "signature": [], "infos": {"sha1": "a271a43c3dca15a1acff94c7a2d4231bc92a33fa", "name": "59851d6bd8035a72c7563c53a686f764", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "beaa1f4e736ccc07944e22f82c2a5335dae96040c2d6e2d7014fdf0a05637666", "crc32": "8272856A", "path": "./extract/59851d6bd8035a72c7563c53a686f764", "ssdeep": "12288:jm2aapJw2hMgrj6K0W1yuhz62FLBNB6BT7E/wzu5Q4:j2LU+UyS7F1NUBNS", "size": 672256, "sha512": "e8ae33a870f51c4409616f2dc6ef047f3dc361732c0232656f9506c59d8acea06f7d18ab5e4d2b4ba0eaebb4f88dd2a34e33f877443548df2c97e3e3f0974a77", "md5": "59851d6bd8035a72c7563c53a686f764"}, "versioninfo": {"InternalName": "server", "FileVersion": "47.38.0081", "ProductName": "qGKMEeGlVRF", "ProductVersion": "47.38.0081", "Translation": "0x0409 0x04b0", "OriginalFilename": "server.exe"}, "ssdeep": "12288:jm2aapJw2hMgrj6K0W1yuhz62FLBNB6BT7E/wzu5Q4:j2LU+UyS7F1NUBNS", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/59afb5216f86ce53fada412628fb7f90ca4c2aa7.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": ["PECompact 2.xx --> BitSum Technologies"], "pe_filename": "59afb5216f86ce53fada412628fb7f90ca4c2aa7.bin", "pe_timestamp": "2010-11-08 21:12:07", "virus_type": "59afb5216f86ce53fada412628fb7f90ca4c2aa7", "resource_attrs": {}, "section_attrs": {".KaKa": 7.993487428588634, ".rsrc": 6.955501778622496}, "signature": [], "infos": {"sha1": "59afb5216f86ce53fada412628fb7f90ca4c2aa7", "name": "59afb5216f86ce53fada412628fb7f90ca4c2aa7.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "e3797985169964b8e0818d4cffe5caaf609aa7a19ebd4e9da5ae49035d4df12e", "crc32": "EA469FBD", "path": "./extract/59afb5216f86ce53fada412628fb7f90ca4c2aa7.bin", "ssdeep": "1536:n432lC0zV8NdzeyeUV97jKjYW7J7Fga5KBTt+iFs0FPLJjo7URGGnr1gp7eBpAaN:RlC0zodyFUH7jKcWvgaEYgLIGnhgQ2E", "size": 97280, "sha512": "c69069bc3590a40b9db6b119b914ce5008d67e8983487ed11092a5163522b7dfa82af55eeb75d8b344b3a6bc11dfd9ef5601c742b8ad58b92ba9450f294e8f1b", "md5": "81e867015474685f97df8984f511bab4"}, "versioninfo": {"LegalCopyright": "adm-draco@live.com", "InternalName": "L2.exe System Anti Lagg", "FileVersion": "1,0,0,0", "CompanyName": "L2 Draco", "ProductName": "L2.exe", "ProductVersion": "1,0,0,0", "FileDescription": "By -KaKa-", "Translation": "0x0000 0x04e4"}, "ssdeep": "1536:n432lC0zV8NdzeyeUV97jKjYW7J7Fga5KBTt+iFs0FPLJjo7URGGnr1gp7eBpAaN:RlC0zodyFUH7jKcWvgaEYgLIGnhgQ2E", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/5bf07a86df51ea86896060d91b344686c75512b0.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a9966bf888598a59ae0dc3090fbb5dad", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "5bf07a86df51ea86896060d91b344686c75512b0", "pe_timestamp": "2009-01-13 11:24:44", "virus_type": "5bf07a86df51ea86896060d91b344686c75512b0", "resource_attrs": {}, "section_attrs": {".data": 7.820926348919728}, "signature": [], "infos": {"sha1": "5bf07a86df51ea86896060d91b344686c75512b0", "name": "5bf07a86df51ea86896060d91b344686c75512b0", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "53d683336b23ee3c62c31acaa793b29f163b3da23375b317f36858661ae7393e", "crc32": "DF961E8C", "path": "./extract/5bf07a86df51ea86896060d91b344686c75512b0", "ssdeep": "6144:j9lA189qNR9701KY76ewvP6bQ7yMP+DE827SH6:Zl4kmRyp7I6b7MP+Dd2J", "size": 198656, "sha512": "9f05ac48d70574b09525d591529606650e044d00ec3e567b70fc5d8bd8cc54b9dd53ee32807f1e7b47b3ab86519c5b9c08b71a59b4ad64d5a011b6bc68010273", "md5": "ab333bb8bfff3aa7a274c94e16d7ed04"}, "versioninfo": {}, "ssdeep": "6144:j9lA189qNR9701KY76ewvP6bQ7yMP+DE827SH6:Zl4kmRyp7I6b7MP+Dd2J", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "ws2_32.dll": ["inet_addr"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US", "ZULU", "DEFAULT"], "pe_imphash": "3243b13e562279ab7fbe2f31e45d3a95", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562", "pe_timestamp": "2007-02-09 10:25:03", "virus_type": "5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562", "resource_attrs": {}, "section_attrs": {"UPX1": 7.8264552830369825, "akwthrb": 7.45456364297106, ".rsrc": 2.63607010597345}, "signature": [], "infos": {"sha1": "5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562", "name": "5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "2a9046b855102046741ce8a56463f3fb7c650d693f2bf0d2bcee4112d437b92e", "crc32": "41855DFC", "path": "./extract/5c5130aae8b6fac3d6b12bf95d6dc1fb95f3f562", "ssdeep": "3072:hTUtZpaaUJ7FlxTTUXdu/6NIqjRcNQlhL1MYpAxdXg:dcpavHIfNXbvLWQ", "size": 150908, "sha512": "4cf8ad9e083f568ac452e112f56a1433629d15b8ec4cdf74424bae27bc9903f43fa8c9a13d3154538a575b6766ab8de6915d5c3afc129ec466d958c00c58b304", "md5": "b7f961130bf99c4978a471dbb4bec334"}, "versioninfo": {"InternalName": "GMGnCrRPAt7OMCvh", "FileVersion": "4.597.0105", "CompanyName": "SO1pEI", "ProductName": "YdbsCQ9s", "ProductVersion": "4.597.0105", "Translation": "0x0409 0x04b0", "OriginalFilename": "GMGnCrRPAt7OMCvh.exe"}, "ssdeep": "3072:hTUtZpaaUJ7FlxTTUXdu/6NIqjRcNQlhL1MYpAxdXg:dcpavHIfNXbvLWQ", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/61e6d6ae9041aa7a443363f464ab97976c02f743.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "b46ead522a346c3a0732882852f5cd15", "peid_signatures": null, "pe_filename": "61e6d6ae9041aa7a443363f464ab97976c02f743", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "61e6d6ae9041aa7a443363f464ab97976c02f743", "resource_attrs": {}, "section_attrs": {"UPX2": 7.275621121910075, "UPX1": 7.962569682791526}, "signature": [], "infos": {"sha1": "61e6d6ae9041aa7a443363f464ab97976c02f743", "name": "61e6d6ae9041aa7a443363f464ab97976c02f743", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "cfc9122de0c42e43f5d4f07eb88a51c36fd2ba1cbf622bfab202fdc3717f3b4f", "crc32": "F1343A6D", "path": "./extract/61e6d6ae9041aa7a443363f464ab97976c02f743", "ssdeep": "192:XuN2K0RlbknG6GoPCHQRsqMrQ5Ms9a11W:XRKGFz2Pp3Mcz9a1", "size": 7680, "sha512": "5e8e2660b6dac21ebee286a0ad6c3ff43460e12b68d949854ae120865948b9d47a704c824f8f7f028c0fdf7823bbe3b09077fb78c549b4b5b93a09eb65f31245", "md5": "466a642f03a0cd687cdba934348628ec"}, "versioninfo": {}, "ssdeep": "192:XuN2K0RlbknG6GoPCHQRsqMrQ5Ms9a11W:XRKGFz2Pp3Mcz9a1", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetProcAddress", "LoadLibraryA"], "USER32.DLL": ["GetDlgItem"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/629d4e44eba8b829ebfe8b937afd9bcc1739336c.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "629d4e44eba8b829ebfe8b937afd9bcc1739336c", "pe_timestamp": "2013-06-04 14:07:56", "virus_type": "629d4e44eba8b829ebfe8b937afd9bcc1739336c", "resource_attrs": {}, "section_attrs": {".reloc": 6.610584353892099, ".data": 6.424923579192658, ".rsrc": 6.678536685711917, ".text": 6.571488882171711, ".text/DE": 6.422945032849715}, "signature": [], "infos": {"sha1": "629d4e44eba8b829ebfe8b937afd9bcc1739336c", "name": "629d4e44eba8b829ebfe8b937afd9bcc1739336c", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "abba38119958cc11075779f7cc37e8501a5cad361816ce05b1317f34ffc534a3", "crc32": "6303F834", "path": "./extract/629d4e44eba8b829ebfe8b937afd9bcc1739336c", "ssdeep": "24576:AuPjz0TflIbgJx0BV06ReuzaBNspp8PK2p5xwNMiIIShBD:Aoz0TlIbgvGpeueBNsH8df6NNJSX", "size": 975872, "sha512": "91851e42a57de7e356970d31875024854c2258fe9b695171df29d0627f0c5a0df1baa9eae0a96a27a07b98c4a501c4735bd213f0e5dccb040be4f943fc5530f5", "md5": "06de0f33465679783d03bf0b98f14b8d"}, "versioninfo": {}, "ssdeep": "24576:AuPjz0TflIbgJx0BV06ReuzaBNspp8PK2p5xwNMiIIShBD:Aoz0TlIbgvGpeueBNsH8df6NNJSX", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/632dd46480b5ffff73b35dd037126e7dd29f9fbb.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "632dd46480b5ffff73b35dd037126e7dd29f9fbb", "pe_timestamp": "2015-08-11 21:18:42", "virus_type": "632dd46480b5ffff73b35dd037126e7dd29f9fbb", "resource_attrs": {}, "section_attrs": {".reloc": 0.10191042566270775, ".text": 7.420789217721305, ".rsrc": 4.00581058776058}, "signature": [], "infos": {"sha1": "632dd46480b5ffff73b35dd037126e7dd29f9fbb", "name": "632dd46480b5ffff73b35dd037126e7dd29f9fbb", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "0ca9bbbc9f3321cf6139f39e6ab0418e2afd1d3e8252e996fd3f54e062c5056f", "crc32": "9C2A3874", "path": "./extract/632dd46480b5ffff73b35dd037126e7dd29f9fbb", "ssdeep": "6144:AOBFJ6Ist9k7dK6afY2uJt1wpaRa9ymFzeDxSQd7:17rEe7dKk2mrWIYZs", "size": 311296, "sha512": "846a75a39a3eb3f94249c3a8088ed7f8544864155ba4797d4e592fcfd201ff39f095f74b94ff14019112e08ec550ba3736e324217e8f59f0ccf1fc0d45b8fa84", "md5": "47419e5cc8b07225543d6a3b0d2e0088"}, "versioninfo": {"LegalCopyright": "Copyright \\xa9 2015", "Assembly Version": "1.0.0.0", "InternalName": "DV.exe", "FileVersion": "1.0.0.0", "Comments": "Soution to clear system trojan and malware", "ProductName": "DV", "ProductVersion": "1.0.0.0", "FileDescription": "DV", "Translation": "0x0000 0x04b0", "OriginalFilename": "DV.exe"}, "ssdeep": "6144:AOBFJ6Ist9k7dK6afY2uJt1wpaRa9ymFzeDxSQd7:17rEe7dKk2mrWIYZs", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/658720183ce164c2db557e448fde737dad14136f.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "DEFAULT"], "pe_imphash": "2cc3dbb38362efadb42b9f356e97a55e", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "658720183ce164c2db557e448fde737dad14136f", "pe_timestamp": "2005-08-06 17:19:30", "virus_type": "658720183ce164c2db557e448fde737dad14136f", "resource_attrs": {}, "section_attrs": {"UPX1": 7.803383654285061, ".rsrc": 7.427110866219331}, "signature": [], "infos": {"sha1": "658720183ce164c2db557e448fde737dad14136f", "name": "658720183ce164c2db557e448fde737dad14136f", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "2cec6bc3902036e38851e44fa05c180f8a46f7dc065ce1735291fc947db4eef9", "crc32": "EA020F38", "path": "./extract/658720183ce164c2db557e448fde737dad14136f", "ssdeep": "1536:R7WLUAt/wsQVYDEu9zY8zvXPUmQq/MKAv28Vi:9bA1rE8bPUm0KAu8k", "size": 71878, "sha512": "cf27ff4d6e99142d3857899510337a7637fcdc80ce4b7d88917c2e437c012e7f3a3b5776beef96f6710c512f2a4815d0fc52705fe96b5754ce278609788cb02c", "md5": "32766e889ed0626e611b34055e8920f4"}, "versioninfo": {}, "ssdeep": "1536:R7WLUAt/wsQVYDEu9zY8zvXPUmQq/MKAv28Vi:9bA1rE8bPUm0KAu8k", "static_imports": {"count": 3, "MFC42.DLL": [], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["exit"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/6611dd67a8e8f10ff5151516eebbaeb44d3c60bf.json: -------------------------------------------------------------------------------- 1 | {"languages": ["CHINESE", "CHINESE_SIMPLIFIED", "NEUTRAL"], "pe_imphash": "", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "6611dd67a8e8f10ff5151516eebbaeb44d3c60bf", "pe_timestamp": "2014-11-01 20:59:40", "virus_type": "6611dd67a8e8f10ff5151516eebbaeb44d3c60bf", "resource_attrs": {}, "section_attrs": {"UPX1": 7.9254379918212825, ".rsrc": 7.345135152752828}, "signature": [], "infos": {"sha1": "6611dd67a8e8f10ff5151516eebbaeb44d3c60bf", "name": "6611dd67a8e8f10ff5151516eebbaeb44d3c60bf", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "fb261155687afb0fd00a061bc185805bd8a98233f0a480e383a911d14c3f0af1", "crc32": "4DB53240", "path": "./extract/6611dd67a8e8f10ff5151516eebbaeb44d3c60bf", "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1uod/e:R2J50JCoZBrTZa+BrP1Db4QUod/e", "size": 321127, "sha512": "b21d4237cc9f4dcbce0c708782d862427c6fa91adb334b17a672b36ce3f23aaca7d2fc9f114cdd7a37975fd4e39803ff3e5b9f496527f99b9e29aaf5cfb15838", "md5": "df8263a978ba9e238e942ed7d948744f"}, "versioninfo": {}, "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1uod/e:R2J50JCoZBrTZa+BrP1Db4QUod/e", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/677ebe0bf0d5aa226080ddcf5693d82101b7550b.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "925d520f5293e67288768f2e5b5319f5", "peid_signatures": null, "pe_filename": "677ebe0bf0d5aa226080ddcf5693d82101b7550b", "pe_timestamp": "2055-05-26 02:10:40", "virus_type": "677ebe0bf0d5aa226080ddcf5693d82101b7550b", "resource_attrs": {}, "section_attrs": {".wde": 7.972565598081689}, "signature": [], "infos": {"sha1": "677ebe0bf0d5aa226080ddcf5693d82101b7550b", "name": "677ebe0bf0d5aa226080ddcf5693d82101b7550b", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "d21e18db3a1b5375e54f5315c7cb96a0a3ffd9a5256ec7f88977963f011a9232", "crc32": "DA876A89", "path": "./extract/677ebe0bf0d5aa226080ddcf5693d82101b7550b", "ssdeep": "768:VRVPWBTPrXyJUmhsDLhexxsIsSjfRE2SsYi/XQE5Y8no7u3QEngUXkbzAkvqF:HVPWBLriJzs5eLsSLREX7i55Y2o7EgUF", "size": 46080, "sha512": "9ef730ae1f68fe5adcf678c3f250bab7729f00eb6c3575f5f151c6cf00b040ffe52195c2284925b7363cef9301128c5a593666a8d9ec41a444073c3b2e4072f4", "md5": "6b64bc3cd52268e02a633a2c5bcdcb22"}, "versioninfo": {}, "ssdeep": "768:VRVPWBTPrXyJUmhsDLhexxsIsSjfRE2SsYi/XQE5Y8no7u3QEngUXkbzAkvqF:HVPWBLriJzs5eLsSLREX7i55Y2o7EgUF", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["ceil"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["connect"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/69dac2040b1faa9dbaa06998f375e7d1.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "7bcb4be8a284e4ec65e8f7af4ff9f3bc", "peid_signatures": null, "pe_filename": "69dac2040b1faa9dbaa06998f375e7d1", "pe_timestamp": "2012-04-19 23:46:35", "virus_type": "69dac2040b1faa9dbaa06998f375e7d1", "resource_attrs": {}, "section_attrs": {".MPRESS1": 4.966681563911529, ".MPRESS2": 5.018100602851341, ".rsrc": 2.0806245657541345}, "signature": [], "infos": {"sha1": "85dc55696105b442a3e346b9d3d329d7c5aebe4a", "name": "69dac2040b1faa9dbaa06998f375e7d1", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "64c0c62acf48683f051bdf30d94828db6024c19136906421fd8d8c95a89aedeb", "crc32": "DAE0DD98", "path": "./extract/69dac2040b1faa9dbaa06998f375e7d1", "ssdeep": "3072:1YVX0e1FB/DpKjCLHqSKnCE3WacMoJAEzACH8rsqJ8uVMdMWoQn+XBz:1YwCE7KJDsCH8rsfuMdMWhMB", "size": 352256, "sha512": "4b5c1ca8ae451be61fbd4a840aa7bf35dc5ea604ac82a91231abb8433ee5532cf7bb131c2c04f078cf519224010b1d83327a4b35f387e10ce3a04ec1f9cbba64", "md5": "69dac2040b1faa9dbaa06998f375e7d1"}, "versioninfo": {"LegalCopyright": "YqEOxx", "InternalName": "Stub", "FileVersion": "1.00", "CompanyName": "kJyvp", "Comments": "EbxVcYjnBQZi", "ProductName": "KKJNzszeqq", "ProductVersion": "1.00", "FileDescription": "QxThvdu", "Translation": "0x0409 0x04b0", "OriginalFilename": "Stub.exe"}, "ssdeep": "3072:1YVX0e1FB/DpKjCLHqSKnCE3WacMoJAEzACH8rsqJ8uVMdMWoQn+XBz:1YwCE7KJDsCH8rsfuMdMWhMB", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/6a5ac414c1c558594ea785064b1c02c8.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "63bdc560787fb0932fe693d321661b8a", "peid_signatures": null, "pe_filename": "6a5ac414c1c558594ea785064b1c02c8", "pe_timestamp": "2011-02-25 01:57:44", "virus_type": "6a5ac414c1c558594ea785064b1c02c8", "resource_attrs": {}, "section_attrs": {".MPRESS1": 7.999348925868142, ".MPRESS2": 6.499486357203359, ".rsrc": 4.9204914162270885}, "signature": [], "infos": {"sha1": "e5c38d5307df351c6bd3c922cddff49273ac8d0f", "name": "6a5ac414c1c558594ea785064b1c02c8", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "c9d63f9a5b692d7c7466032d887d6ed1b427c9ac086af47a2aeb57fe262e77e3", "crc32": "7EBFEFC9", "path": "./extract/6a5ac414c1c558594ea785064b1c02c8", "ssdeep": "12288:ym2aapJw2hMgrj6K0W1yuhz62sL/Nh6BT7E/wzu5Q4q:y2LU+UyS7sTN0BNS4", "size": 673280, "sha512": "b659122f93ef57d2ff0a261aa9ed2a8f366e749abeb20f9964f79ac1bd102dfbe3136041872674489d40a28b96bb4c1f4b848f31cdad794855f6335cdb823e87", "md5": "6a5ac414c1c558594ea785064b1c02c8"}, "versioninfo": {"InternalName": "server", "FileVersion": "47.38.0081", "ProductName": "qGKMEeGlVRF", "ProductVersion": "47.38.0081", "Translation": "0x0409 0x04b0", "OriginalFilename": "server.exe"}, "ssdeep": "12288:ym2aapJw2hMgrj6K0W1yuhz62sL/Nh6BT7E/wzu5Q4q:y2LU+UyS7sTN0BNS4", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/6d6b9f16494bc5116a49b0818ba40dcacd6537e6.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "b3033e676bc73dd3f115806be1d93191", "peid_signatures": null, "pe_filename": "6d6b9f16494bc5116a49b0818ba40dcacd6537e6", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "6d6b9f16494bc5116a49b0818ba40dcacd6537e6", "resource_attrs": {}, "section_attrs": {"CODE": 6.3544717409044305, ".rsrc": 5.44107177251416, ".idata": 2.626724931199771, ".rdata": 0.19743807838821048, ".reloc": 5.330295290015902, "DATA": 1.299315354206644}, "signature": [], "infos": {"sha1": "6d6b9f16494bc5116a49b0818ba40dcacd6537e6", "name": "6d6b9f16494bc5116a49b0818ba40dcacd6537e6", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "1fcc626a5182e3d7d4d08d82f5c924283723366358ab5d555c19fea55613dc8f", "crc32": "92488031", "path": "./extract/6d6b9f16494bc5116a49b0818ba40dcacd6537e6", "ssdeep": "1536:LWYMDh2rgygYSOys10waXwI+D3ro0xdr/I4KU3+z7mH:LRetygZOT0zKDc0xdr/13kmH", "size": 135680, "sha512": "dcb58ffe6a6f89c6f2923b2a5e78d7d0f5394f575092807fe664cea1952985a9371c578f14baf9453f0e085b0f576d63dcd313321945d80e0eb7ff6b6e6a52cd", "md5": "e813d9fc5177dd220024d432b2635f8d"}, "versioninfo": {}, "ssdeep": "1536:LWYMDh2rgygYSOys10waXwI+D3ro0xdr/I4KU3+z7mH:LRetygZOT0zKDc0xdr/13kmH", "static_imports": {"count": 4, "kernel32.dll": ["GetProcAddress"], "user32.dll": ["CharNextA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/6f1e66b663e3ec442b96e0669231a752acf79649.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "4a5e825675cf33de551ef57b6aef78b5", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "6f1e66b663e3ec442b96e0669231a752acf79649", "pe_timestamp": "2002-04-20 11:13:05", "virus_type": "6f1e66b663e3ec442b96e0669231a752acf79649", "resource_attrs": {}, "section_attrs": {"UPX2": 2.5799551154706704, "UPX1": 7.920333595315794}, "signature": [], "infos": {"sha1": "6f1e66b663e3ec442b96e0669231a752acf79649", "name": "6f1e66b663e3ec442b96e0669231a752acf79649", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "f43f240a6eb167cae8d19fca48621109a85100b4653f4d2b6862c0ebb8bb6ca3", "crc32": "438E9467", "path": "./extract/6f1e66b663e3ec442b96e0669231a752acf79649", "ssdeep": "6144:Rvv6FT+6Nud9NV5BQB6l79I0tQe9p66QvwXS0r0UokacnQF:hL60d9NVns6l79Ieyv0S0rzoka", "size": 295936, "sha512": "951dab7bae6c74f5d285816e54d705271c6bbc0c5de5525177c3cb9d5068339e1e032aa1063895bf428d9bb74d6253f426bde00df65800505617c37429f236bd", "md5": "802c03639e7f5810ec7865dbce1e9326"}, "versioninfo": {}, "ssdeep": "6144:Rvv6FT+6Nud9NV5BQB6l79I0tQe9p66QvwXS0r0UokacnQF:hL60d9NVns6l79Ieyv0S0rzoka", "static_imports": {"count": 5, "zlib.dll": [], "WINMM.dll": ["mciSendCommandA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "ExitProcess"], "alleg40.dll": [], "USER32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/706eccdf76a476e276747e39c4550c7b0d7e8dc9.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "CHINESE", "CHINESE_SIMPLIFIED"], "pe_imphash": "6424e25df06cf7aacfb4eeb385208ca1", "peid_signatures": null, "pe_filename": "706eccdf76a476e276747e39c4550c7b0d7e8dc9", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "706eccdf76a476e276747e39c4550c7b0d7e8dc9", "resource_attrs": {}, "section_attrs": {"UPX1": 7.918354947108554, ".rsrc": 3.594457483307893}, "signature": [], "infos": {"sha1": "706eccdf76a476e276747e39c4550c7b0d7e8dc9", "name": "706eccdf76a476e276747e39c4550c7b0d7e8dc9", "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "08c77ea936ed9329588c61cce96d4f9608687cd94efeba935908ac8f611f35fc", "crc32": "7FCFEC01", "path": "./extract/706eccdf76a476e276747e39c4550c7b0d7e8dc9", "ssdeep": "3072:ZwZtWa+gk1k8ku2+z0S74q0ejHQsSF/LzRLELrraBYvAQ0Hx9b7POzTTCSfMSzpj:6/ykmzn74q0aQlF/eL/nYi+SfMSjidY/", "size": 189952, "sha512": "c147cff794c6e027f60feebbd068bd5c79942530594a1e1d36b9aa37c40996ae11960d418e3a533c4de851049ac178c74dc9ff405f2ca36de342a618e61412fb", "md5": "64dc8588a4a6ecbbeda0dcfcc942a6c8"}, "versioninfo": {}, "ssdeep": "3072:ZwZtWa+gk1k8ku2+z0S74q0ejHQsSF/LzRLELrraBYvAQ0Hx9b7POzTTCSfMSzpj:6/ykmzn74q0aQlF/eL/nYi+SfMSjidY/", "static_imports": {"count": 10, "version.dll": ["VerQueryValueA"], "wininet.dll": ["InternetOpenA"], "gdi32.dll": ["SaveDC"], "shell32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress"], "oleaut32.dll": ["LoadTypeLib"], "advapi32.dll": ["RegFlushKey"], "ole32.dll": ["OleDraw"], "user32.dll": ["GetDC"], "comctl32.dll": ["ImageList_Add"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/7093afb92e2c4e81a6523f489837d82d.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "ea23fc29d95be057d4e7c6b77d74a60d", "peid_signatures": null, "pe_filename": "7093afb92e2c4e81a6523f489837d82d", "pe_timestamp": "2010-12-02 09:26:42", "virus_type": "7093afb92e2c4e81a6523f489837d82d", "resource_attrs": {}, "section_attrs": {".0data": 7.995018681754053, ".text": 5.214258951239585, ".rsrc": 3.9410928982580176}, "signature": [], "infos": {"sha1": "c801cc1b6c51ef7f79d125457f192e5c826c4ecb", "name": "7093afb92e2c4e81a6523f489837d82d", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "f9ad27a10d8a243aaa7eb1892c49bdf88fb5b63ebb43b81679f5cf4b5d826379", "crc32": "60F24F07", "path": "./extract/7093afb92e2c4e81a6523f489837d82d", "ssdeep": "3072:NJCD548iJinhQGgD/rFcwdIXtekADVXd1vKnfTd:Wxnw/e9Xtq9/Snrd", "size": 131072, "sha512": "dc27a4cd85c193b5bb380ce6141526e2d328352d101c9295cfb639f838093e8733a19a7d606f58b1f2f726b1c76076082c7acaa13606acd4980ac47e5e8919c7", "md5": "7093afb92e2c4e81a6523f489837d82d"}, "versioninfo": {"InternalName": "OlalaTheWorld", "FileVersion": "1.00", "ProductName": "DungCoi", "ProductVersion": "1.00", "Translation": "0x0409 0x04b0", "OriginalFilename": "OlalaTheWorld.exe"}, "ssdeep": "3072:NJCD548iJinhQGgD/rFcwdIXtekADVXd1vKnfTd:Wxnw/e9Xtq9/Snrd", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/7564c3435c98c784c7f106fd11fd20be1f8ca42f.json: -------------------------------------------------------------------------------- 1 | {"languages": ["CHINESE", "CHINESE_SIMPLIFIED", "NEUTRAL"], "pe_imphash": "", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "7564c3435c98c784c7f106fd11fd20be1f8ca42f", "pe_timestamp": "2014-11-01 20:59:40", "virus_type": "7564c3435c98c784c7f106fd11fd20be1f8ca42f", "resource_attrs": {}, "section_attrs": {"UPX1": 7.9254379918212825, ".rsrc": 7.42476238251452}, "signature": [], "infos": {"sha1": "7564c3435c98c784c7f106fd11fd20be1f8ca42f", "name": "7564c3435c98c784c7f106fd11fd20be1f8ca42f", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "5fa33a18497f4808bcf7b56b98f08e64a97782cc7b45602cfa6064cd902e2bc0", "crc32": "9659D411", "path": "./extract/7564c3435c98c784c7f106fd11fd20be1f8ca42f", "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1uod/tkD:R2J50JCoZBrTZa+BrP1Db4QUod/Y", "size": 323388, "sha512": "b22e9d2e031754dc3cc64e95df7049ff25103bef6cdf5bd58a7d1e3fd235572911dca03f8c5a28b225c49bf17af91b9fadf63e6e4c782b7888d887f1cbcccb75", "md5": "c41bf7551498f9511b14a076689a194b"}, "versioninfo": {}, "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1uod/tkD:R2J50JCoZBrTZa+BrP1Db4QUod/Y", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/77c821d85bf81cea295a510fd27c3fbfac071260.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US", "NEUTRAL"], "pe_imphash": "9ac239abeaba6528b1495017c059b0f3", "peid_signatures": ["Crypto-Lock v2.02 (Eng) -> Ryan Thian"], "pe_filename": "77c821d85bf81cea295a510fd27c3fbfac071260", "pe_timestamp": "2007-04-28 02:06:46", "virus_type": "77c821d85bf81cea295a510fd27c3fbfac071260", "resource_attrs": {}, "section_attrs": {".rsrc": 7.658671696489629}, "signature": [], "infos": {"sha1": "77c821d85bf81cea295a510fd27c3fbfac071260", "name": "77c821d85bf81cea295a510fd27c3fbfac071260", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "1c1643f9fa24ade122b61b28ade06f8ebc964750122592188e26ea5615b632f7", "crc32": "ADBD9C42", "path": "./extract/77c821d85bf81cea295a510fd27c3fbfac071260", "ssdeep": "768:o72L66O65u71BeRsLjW0+wPKARIGtdeCpopZVBe8cFMYQBMT/e45xg7FeCU:y226OiCeiLjWNG9ptdeWYDBlJBMT244u", "size": 44446, "sha512": "a5cbf071a92c3a29df0d5e477eebae9e6c210d1898a1b2a4b84822c6d321afe1820940ca8a5b8a53c1c40c517acb3307a4e2db20f34c842aaf6183a51caadceb", "md5": "5e85dfc4adb63bc4f554ef2008d6fe62"}, "versioninfo": {"InternalName": "project1", "FileVersion": "1.00", "ProductName": "Project1", "ProductVersion": "1.00", "Translation": "0x0409 0x04b0", "OriginalFilename": "project1.exe"}, "ssdeep": "768:o72L66O65u71BeRsLjW0+wPKARIGtdeCpopZVBe8cFMYQBMT/e45xg7FeCU:y226OiCeiLjWNG9ptdeWYDBlJBMT244u", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/79086717a20c8be4cf12c9503150db74513394bf.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "79086717a20c8be4cf12c9503150db74513394bf", "pe_timestamp": "2015-02-15 14:23:55", "virus_type": "79086717a20c8be4cf12c9503150db74513394bf", "resource_attrs": {}, "section_attrs": {".reloc": 0.08153941234324169, ".text": 5.4730361859119, ".rsrc": 4.967879069563017}, "signature": [], "infos": {"sha1": "79086717a20c8be4cf12c9503150db74513394bf", "name": "79086717a20c8be4cf12c9503150db74513394bf", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "8fbee937f2c8f60ae1e10ff138d7c61f2ea1ded83446d99df551f41685d98185", "crc32": "F91A966A", "path": "./extract/79086717a20c8be4cf12c9503150db74513394bf", "ssdeep": "1536:isO14IBbgVuhkypAnGl8Kd+twRT+pK1sR6kjHQEi9ack4:KM6kDQj9ac9", "size": 54272, "sha512": "f9010c42824b33dda94547e0de05538e60006563460c7ee060eeafb6be2c03a356c04fdad7f91aa144499a686f37410198f5904913bb9c4c5ce80dacd94ba7d1", "md5": "f068b668abaffb2a728cfeca305b77d6"}, "versioninfo": {"LegalCopyright": "Copyright \\xa9 2014", "Assembly Version": "1.1.8.1546", "InternalName": "upr.exe", "FileVersion": "1.1.8.1546", "ProductVersion": "1.1.8.1546", "FileDescription": " ", "Translation": "0x0000 0x04b0", "OriginalFilename": "upr.exe"}, "ssdeep": "1536:isO14IBbgVuhkypAnGl8Kd+twRT+pK1sR6kjHQEi9ack4:KM6kDQj9ac9", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/7be65d65446b4eaba91dab4fedca73033aaa4cd3.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "02cc303c39fb7e4d283dc478e6e522bc", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "7be65d65446b4eaba91dab4fedca73033aaa4cd3.bin", "pe_timestamp": "2011-04-09 00:41:55", "virus_type": "7be65d65446b4eaba91dab4fedca73033aaa4cd3", "resource_attrs": {}, "section_attrs": {".data": 7.823941135062873, ".rsrc": 2.2050438835760815}, "signature": [], "infos": {"sha1": "7be65d65446b4eaba91dab4fedca73033aaa4cd3", "name": "7be65d65446b4eaba91dab4fedca73033aaa4cd3.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "8771a87bb679ff4d8f3fe52ea73ce97b11d3c5de83373e9823d64a2a3e00b0ba", "crc32": "95159D0A", "path": "./extract/7be65d65446b4eaba91dab4fedca73033aaa4cd3.bin", "ssdeep": "6144:0GlV3HQOy218AluoKNDkD9hvJ4TyQOI5JgpcvqNplcS1e3PY:0SVG2buoZDnmT0Iw5p3SPY", "size": 262656, "sha512": "a1ebd9975effddc3f870e3930ac38f4682dcabcdd0ebd1ad08f63eae7365b13e1ae4243e3a480f91fa1427901d648116a4a17d924eccb104ec8429b36636038c", "md5": "270f0a18de73fcbf9c2abd9b940e0588"}, "versioninfo": {"InternalName": "blaky", "FileVersion": "1.00", "CompanyName": "Microsoft", "Comments": "Indispensable para el funcionamiento del sistema.", "ProductName": "WinFirewall", "ProductVersion": "1.00", "FileDescription": "Actualizacion de Windows de prioridad maxima", "Translation": "0x0409 0x04b0", "OriginalFilename": "blaky.exe"}, "ssdeep": "6144:0GlV3HQOy218AluoKNDkD9hvJ4TyQOI5JgpcvqNplcS1e3PY:0SVG2buoZDnmT0Iw5p3SPY", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "msvbvm60.dll": ["EVENT_SINK_GetIDsOfNames"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/7c52098cd6575e87618a817be25d0ae1582344cb.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "925d520f5293e67288768f2e5b5319f5", "peid_signatures": null, "pe_filename": "7c52098cd6575e87618a817be25d0ae1582344cb", "pe_timestamp": "2055-05-26 02:10:40", "virus_type": "7c52098cd6575e87618a817be25d0ae1582344cb", "resource_attrs": {}, "section_attrs": {".wde": 5.7672178592469825}, "signature": [], "infos": {"sha1": "7c52098cd6575e87618a817be25d0ae1582344cb", "name": "7c52098cd6575e87618a817be25d0ae1582344cb", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "8e0154d53d63683729cbffc6a1a8c92720c9d7241e21bedb39b43c0bcb06b659", "crc32": "4D01FD49", "path": "./extract/7c52098cd6575e87618a817be25d0ae1582344cb", "ssdeep": "1536:UVPWBLriJzs5eLsSLREX7i55Y2o7EgUVn:MmIBL59Si557H", "size": 74752, "sha512": "141889bce88b6b64aa44124600e9ad10724777f16c7a5322cbd30b45cf8055d4fad218056c2d2be627fa63d945e69073e129b37803bc18a01e6608a43754b3b8", "md5": "39d141259c48a329e50061e894c68fba"}, "versioninfo": {}, "ssdeep": "1536:UVPWBLriJzs5eLsSLREX7i55Y2o7EgUVn:MmIBL59Si557H", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["ceil"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["connect"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/81e867015474685f97df8984f511bab4.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": ["PECompact 2.xx --> BitSum Technologies"], "pe_filename": "81e867015474685f97df8984f511bab4", "pe_timestamp": "2010-11-08 21:12:07", "virus_type": "81e867015474685f97df8984f511bab4", "resource_attrs": {}, "section_attrs": {".KaKa": 7.993487428588634, ".rsrc": 6.955501778622496}, "signature": [], "infos": {"sha1": "59afb5216f86ce53fada412628fb7f90ca4c2aa7", "name": "81e867015474685f97df8984f511bab4", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "e3797985169964b8e0818d4cffe5caaf609aa7a19ebd4e9da5ae49035d4df12e", "crc32": "EA469FBD", "path": "./extract/81e867015474685f97df8984f511bab4", "ssdeep": "1536:n432lC0zV8NdzeyeUV97jKjYW7J7Fga5KBTt+iFs0FPLJjo7URGGnr1gp7eBpAaN:RlC0zodyFUH7jKcWvgaEYgLIGnhgQ2E", "size": 97280, "sha512": "c69069bc3590a40b9db6b119b914ce5008d67e8983487ed11092a5163522b7dfa82af55eeb75d8b344b3a6bc11dfd9ef5601c742b8ad58b92ba9450f294e8f1b", "md5": "81e867015474685f97df8984f511bab4"}, "versioninfo": {"LegalCopyright": "adm-draco@live.com", "InternalName": "L2.exe System Anti Lagg", "FileVersion": "1,0,0,0", "CompanyName": "L2 Draco", "ProductName": "L2.exe", "ProductVersion": "1,0,0,0", "FileDescription": "By -KaKa-", "Translation": "0x0000 0x04e4"}, "ssdeep": "1536:n432lC0zV8NdzeyeUV97jKjYW7J7Fga5KBTt+iFs0FPLJjo7URGGnr1gp7eBpAaN:RlC0zodyFUH7jKcWvgaEYgLIGnhgQ2E", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/826c1e0f53edc03afec17a4551d4e881d7e7acff.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "826c1e0f53edc03afec17a4551d4e881d7e7acff", "pe_timestamp": "2014-07-18 06:48:22", "virus_type": "826c1e0f53edc03afec17a4551d4e881d7e7acff", "resource_attrs": {}, "section_attrs": {".data": 5.690657378680741, ".pdata": 5.7556005980228395, ".rdata": 5.052137408780137, ".text": 6.365929334978442, ".reloc": 6.900724136529656}, "signature": [], "infos": {"sha1": "826c1e0f53edc03afec17a4551d4e881d7e7acff", "name": "826c1e0f53edc03afec17a4551d4e881d7e7acff", "type": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows", "sha256": "ca785d296066ed67359d4084a0171b97ca5010d9d9bab04ef71e358d89f00d43", "crc32": "D99CD4CA", "path": "./extract/826c1e0f53edc03afec17a4551d4e881d7e7acff", "ssdeep": "12288:YwKyjk5thE9HM7rcF1b+30CzWazHRdg8TIEVwCJpKZ7:YwK4k3S2U3+3FzRVVwCw", "size": 613358, "sha512": "677dcd8616b96096a8b3a56b4b0371ab5af90bb2480fac0acc6a8bc622c399b38e9b4997df10671dc5e3fd661b274814a46a94018dcf973816e04661225b8753", "md5": "c147fc09329e15c3621125a02cf6bad3"}, "versioninfo": {}, "ssdeep": "12288:YwKyjk5thE9HM7rcF1b+30CzWazHRdg8TIEVwCJpKZ7:YwK4k3S2U3+3FzRVVwCw", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/839ea24c02087aba7fb3913e11c8a4a6.json: -------------------------------------------------------------------------------- 1 | {"languages": ["RUSSIAN"], "pe_imphash": "96ebc9478bc2847e89056c738f81452c", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "839ea24c02087aba7fb3913e11c8a4a6", "pe_timestamp": "2007-03-25 21:26:42", "virus_type": "839ea24c02087aba7fb3913e11c8a4a6", "resource_attrs": {}, "section_attrs": {".rbss": 7.991525843082476, ".flat": 7.566628977798272, ".aspack": 5.800507864562779, "DexCrypt": 4.415011240719123, ".rsrc": 7.998598151665264}, "signature": [], "infos": {"sha1": "f3a3b2b0ca17851aa74a9356ad4b76f43eb12029", "name": "839ea24c02087aba7fb3913e11c8a4a6", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "462839063a61aff91799dc3a42a06e81fd958fefc033834e9555108a07aa0c07", "crc32": "377C619B", "path": "./extract/839ea24c02087aba7fb3913e11c8a4a6", "ssdeep": "6144:ModembSfcpQF9fyQIHKuEwcSybpQkJXSv6dpsdniOR/ZbrIBbl2KjWNA9AGitA6n:HTMFUzHW/dLdSdntwBbl2Kj38hDJl", "size": 496224, "sha512": "06c6759fc83f63ff639e1eb9875ece30cb25896f1b5d7a7b40a132a4bcee389b8886d8dfb56e9f9499b43d814f17a4053b9b6310c350207d5611232738d400f4", "md5": "839ea24c02087aba7fb3913e11c8a4a6"}, "versioninfo": {}, "ssdeep": "6144:ModembSfcpQF9fyQIHKuEwcSybpQkJXSv6dpsdniOR/ZbrIBbl2KjWNA9AGitA6n:HTMFUzHW/dLdSdntwBbl2Kj38hDJl", "static_imports": {"count": 4, "kernel32.dll": ["GetProcAddress", "GetModuleHandleA", "LoadLibraryA"], "winmm.dll": ["waveOutClose"], "gdi32.dll": ["BitBlt"], "user32.dll": ["GetDesktopWindow"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/840e9f12d553aa97025aa3d498d3f747.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "9def80276e1590e6955d3a661a899043", "peid_signatures": null, "pe_filename": "840e9f12d553aa97025aa3d498d3f747.bin", "pe_timestamp": "2011-11-06 03:05:56", "virus_type": "840e9f12d553aa97025aa3d498d3f747", "resource_attrs": {}, "section_attrs": {".newimp": 0.35416617154888463, ".ffff": 1.4019739349927458, ".bffff": 7.8281529443937075}, "signature": [], "infos": {"sha1": "ccfee647f49bd986b0bdd6e39f2b427e439cb757", "name": "840e9f12d553aa97025aa3d498d3f747.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "40c3678aa27f2d988dd6e990e17f71417d72b57a240dd4a3be79de42066f7c93", "crc32": "B461EC7F", "path": "./extract/840e9f12d553aa97025aa3d498d3f747.bin", "ssdeep": "1536:ChtYpVPjyVYI17Zss8S7Ahl9uUt2qpyUtAWwjCQRjB0lzvhO47kuABmPO:CQvAJ11s9S7G39EvUtORjB0lzJO4gQO", "size": 126976, "sha512": "83459b10a4af17bfd50dd43c1324381388396545727cb32afb5333a126d1281e59d25107b60e845a467d6400e581d51aa43840a42fab0e8464fcb99dd681348d", "md5": "840e9f12d553aa97025aa3d498d3f747"}, "versioninfo": {}, "ssdeep": "1536:ChtYpVPjyVYI17Zss8S7Ahl9uUt2qpyUtAWwjCQRjB0lzvhO47kuABmPO:CQvAJ11s9S7G39EvUtORjB0lzJO4gQO", "static_imports": {"count": 4, "version.dll": ["GetFileVersionInfoA"], "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"], "gdi32.dll": ["CreateFontA"], "user32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/84892320d4bcd312b03e7b6aa71fd67b.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "ea23fc29d95be057d4e7c6b77d74a60d", "peid_signatures": null, "pe_filename": "84892320d4bcd312b03e7b6aa71fd67b", "pe_timestamp": "2010-12-02 09:26:42", "virus_type": "84892320d4bcd312b03e7b6aa71fd67b", "resource_attrs": {}, "section_attrs": {".0data": 7.995018681754053, ".text": 5.214258951239585, ".rsrc": 3.9410928982580176}, "signature": [], "infos": {"sha1": "970e7b8920826703b266678b45802d5273381531", "name": "84892320d4bcd312b03e7b6aa71fd67b", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "c14bc13e61414ccbee6d9398968cebf84a296188f6c4827064157c93d6baa78e", "crc32": "0DD44EBA", "path": "./extract/84892320d4bcd312b03e7b6aa71fd67b", "ssdeep": "3072:BJCD548iJinhQGgD/rFcwdIXtekADVXd1vKnfTd:yxnw/e9Xtq9/Snrd", "size": 131072, "sha512": "5172f9b632b9a62ea5c8e366d189bed4c370c76c5c160fa997ad7b95cf271747a1a4d95483cec4ea81490df77aca96535c3e2fe4a8ed3300d994ef899c6ba007", "md5": "84892320d4bcd312b03e7b6aa71fd67b"}, "versioninfo": {"InternalName": "OlalaTheWorld", "FileVersion": "1.00", "ProductName": "DungCoi", "ProductVersion": "1.00", "Translation": "0x0409 0x04b0", "OriginalFilename": "OlalaTheWorld.exe"}, "ssdeep": "3072:BJCD548iJinhQGgD/rFcwdIXtekADVXd1vKnfTd:yxnw/e9Xtq9/Snrd", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/8496eca144c3cc33baec161869bb569c560e1b1b.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "2826c08a21d9373d1c44ebebce3fad34", "peid_signatures": null, "pe_filename": "8496eca144c3cc33baec161869bb569c560e1b1b", "pe_timestamp": "2006-10-28 19:07:58", "virus_type": "8496eca144c3cc33baec161869bb569c560e1b1b", "resource_attrs": {}, "section_attrs": {}, "signature": [], "infos": {"sha1": "8496eca144c3cc33baec161869bb569c560e1b1b", "name": "8496eca144c3cc33baec161869bb569c560e1b1b", "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows", "sha256": "b49b7fa979078d75d51c192934eb48ed4617dc70689d9d7f766a339d9fe29459", "crc32": "1F514994", "path": "./extract/8496eca144c3cc33baec161869bb569c560e1b1b", "ssdeep": "192:j0SBYSXCLsjRF7YzoLjUtk/tNeBzseqgjFa8kh/A7ux5Au:RBYSXCcYsLjtAbSxr", "size": 10752, "sha512": "c5199067eb7c960f7ee415ee223a3f91c94965632a932b99503a7a89d0b7bfa8092cde09c52828d7a6b70684f4885060f77de72b9d2626d8e47d7a958e1b7e37", "md5": "bb3321a134b01a5cc6a7a54b819dee66"}, "versioninfo": {}, "ssdeep": "192:j0SBYSXCLsjRF7YzoLjUtk/tNeBzseqgjFa8kh/A7ux5Au:RBYSXCcYsLjtAbSxr", "static_imports": {"count": 5, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect"], "MSVCRT.dll": ["free"], "ADVAPI32.dll": ["OpenProcessToken"], "WS2_32.dll": ["ioctlsocket"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/8773f4645b534c399e785cfb04dad87733d19d76.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "d9f733168310a1af34d05ef41d3769a8", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "8773f4645b534c399e785cfb04dad87733d19d76", "pe_timestamp": "2009-09-11 18:52:45", "virus_type": "8773f4645b534c399e785cfb04dad87733d19d76", "resource_attrs": {}, "section_attrs": {".data": 7.400842169162301, ".rsrc": 7.783065432812682}, "signature": [], "infos": {"sha1": "8773f4645b534c399e785cfb04dad87733d19d76", "name": "8773f4645b534c399e785cfb04dad87733d19d76", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "42ac32e99741c52c030c083f19c5d8d563aa90b4b06954f89d7afc3d76952dd8", "crc32": "256E8317", "path": "./extract/8773f4645b534c399e785cfb04dad87733d19d76", "ssdeep": "12288:DMm14WS1/gOX6BNqb9EubWKqC1bBw8+EgFK:DMS4hgOKrY1bWKNN+EgK", "size": 555520, "sha512": "aec7707d7965f0dc29b1d407a1825f0031405d3735f877d5877ed40df098768c63e3f2354ea67f4bb168126489d9a96bf5fc10e7065130f3baec57fd03e8fa18", "md5": "47d1fe7f9cfc8bac68f00b4310f9e328"}, "versioninfo": {}, "ssdeep": "12288:DMm14WS1/gOX6BNqb9EubWKqC1bBw8+EgFK:DMS4hgOKrY1bWKNN+EgK", "static_imports": {"count": 4, "wrapper.dll": ["?StartWrapper@@YAHXZ"], "kernel32.dll": ["RaiseException"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/888894ec4d0fddc60f6ae76204e89b66.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "be19e18d6a8b41631d40059031a928bb", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "888894ec4d0fddc60f6ae76204e89b66", "pe_timestamp": "2011-03-13 05:36:38", "virus_type": "888894ec4d0fddc60f6ae76204e89b66", "resource_attrs": {}, "section_attrs": {"UPX1": 7.8282581834081, ".rsrc": 3.1918787248670077}, "signature": [], "infos": {"sha1": "afbc965a914a2dff30c1b5efd7aca40072b198f7", "name": "888894ec4d0fddc60f6ae76204e89b66", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "cc7d34825c5126329b7d2e117fa270cf2b1eeae4803dfd2ec344184f16399713", "crc32": "F31896CD", "path": "./extract/888894ec4d0fddc60f6ae76204e89b66", "ssdeep": "6144:xz7rhQ1m2GuKlpEwrVqdcdnr03bVDbxVkWSo/sp0pxj/:xzxQ1euKNVqydnr03Jk2sepR/", "size": 254464, "sha512": "d41027dd5b416d121fc3596c65b322fb8f3f4726b4a7751cbc311adac51c5a1c9a2e1dd81cf5578f2bb6a77bd49156f880cc0dd3ca4c903dcfbd071185e108c8", "md5": "888894ec4d0fddc60f6ae76204e89b66"}, "versioninfo": {"InternalName": "top", "FileVersion": "1.00", "CompanyName": "Top", "ProductName": "Project1", "ProductVersion": "1.00", "Translation": "0x0409 0x04b0", "OriginalFilename": "top.exe"}, "ssdeep": "6144:xz7rhQ1m2GuKlpEwrVqdcdnr03bVDbxVkWSo/sp0pxj/:xzxQ1euKNVqydnr03Jk2sepR/", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/8b3d4e98e1fa34898a0c554f704681d6e52ef0e8.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "925d520f5293e67288768f2e5b5319f5", "peid_signatures": null, "pe_filename": "8b3d4e98e1fa34898a0c554f704681d6e52ef0e8", "pe_timestamp": "2055-05-26 02:10:40", "virus_type": "8b3d4e98e1fa34898a0c554f704681d6e52ef0e8", "resource_attrs": {}, "section_attrs": {".wde": 5.7672178592469825}, "signature": [], "infos": {"sha1": "8b3d4e98e1fa34898a0c554f704681d6e52ef0e8", "name": "8b3d4e98e1fa34898a0c554f704681d6e52ef0e8", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "2d84f72a0fe29660ffd2eec288922add4480082f9fd1470c28e9730f191f1950", "crc32": "083C720A", "path": "./extract/8b3d4e98e1fa34898a0c554f704681d6e52ef0e8", "ssdeep": "1536:UVPWBLriJzs5eLsSLREX7i55Y2o7EgUVn:MmIBL59Si557H", "size": 74752, "sha512": "7398d67442de9491197cd4a881d10d826638843d15a3f121136b013add1f57c304b9422d0bc989610a12a9151e88c46ea6804158aa6c3c870cb7e739d03bb99c", "md5": "f67f88e46bdc15ee30a7b4e71fcd7a53"}, "versioninfo": {}, "ssdeep": "1536:UVPWBLriJzs5eLsSLREX7i55Y2o7EgUVn:MmIBL59Si557H", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["ceil"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["connect"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/8f3de5d6fb7431da6cb07f970e1b63e6b9b89927.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "925d520f5293e67288768f2e5b5319f5", "peid_signatures": null, "pe_filename": "8f3de5d6fb7431da6cb07f970e1b63e6b9b89927", "pe_timestamp": "2055-05-26 02:10:40", "virus_type": "8f3de5d6fb7431da6cb07f970e1b63e6b9b89927", "resource_attrs": {}, "section_attrs": {".wde": 6.024734142074983}, "signature": [], "infos": {"sha1": "8f3de5d6fb7431da6cb07f970e1b63e6b9b89927", "name": "8f3de5d6fb7431da6cb07f970e1b63e6b9b89927", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "6180366f263e6939a6e888ea28ad40813287c85a139843d6f7aebe8db2440716", "crc32": "09BE14FD", "path": "./extract/8f3de5d6fb7431da6cb07f970e1b63e6b9b89927", "ssdeep": "1536:kVPWBLriJzs5eLsSLREX7i55Y2o7EgUVn:cmIBL59Si557H", "size": 70656, "sha512": "06e8c6b0d3fa5667cfb46cd36393028103c3738e38df5f6e8ca835d2e6051a9d7c818dab1a9f4c0ac9d0b30071d3f7109813b14bad9e4fcf9872d90ee70757f6", "md5": "3149b9a5e471da9d8f5606d16ced3bd3"}, "versioninfo": {}, "ssdeep": "1536:kVPWBLriJzs5eLsSLREX7i55Y2o7EgUVn:cmIBL59Si557H", "static_imports": {"count": 7, "SHELL32.dll": ["ShellExecuteA"], "KERNEL32.DLL": ["GetProcAddress", "GetModuleHandleA", "VirtualAlloc", "VirtualProtect", "VirtualFree"], "MSVCRT.dll": ["ceil"], "OLEAUT32.dll": ["GetErrorInfo"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["connect"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/92e9e28102a7d96e041bc43e38a33402.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "SPANISH", "SPANISH_MODERN"], "pe_imphash": "4b0c8e9fc721d0cf3a17360ae83d7925", "peid_signatures": null, "pe_filename": "92e9e28102a7d96e041bc43e38a33402", "pe_timestamp": "2008-12-06 18:48:56", "virus_type": "92e9e28102a7d96e041bc43e38a33402", "resource_attrs": {}, "section_attrs": {".tdata": 7.994439381187109, ".rsrc": 1.8382426723309138, ".": 6.8993580125742895}, "signature": [], "infos": {"sha1": "5f829827fc3c78f6076a1a4ebcafcec8afcc2085", "name": "92e9e28102a7d96e041bc43e38a33402", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "ffc796871e7267c44417f71750b2df9388e86e35c50421167ffbe94f2854a2af", "crc32": "A61E452C", "path": "./extract/92e9e28102a7d96e041bc43e38a33402", "ssdeep": "1536:B8igSdFZ7LWIEDUFOCNFLqHKunSXlbzClwMGi4P0PTrz7AbolA5:qv+5LWImCf6Kun0FuGMzr9s", "size": 112150, "sha512": "cf402e702c620d2637e36962dbe1a4eb503995579dbd43345767b33287be696f3a03a7bdd8f2700619fb8e72ad723ab41929fc353dee4aa8f1a22b9803a5c99a", "md5": "92e9e28102a7d96e041bc43e38a33402"}, "versioninfo": {}, "ssdeep": "1536:B8igSdFZ7LWIEDUFOCNFLqHKunSXlbzClwMGi4P0PTrz7AbolA5:qv+5LWImCf6Kun0FuGMzr9s", "static_imports": {"count": 1, "MSVBVM60.DLL": ["DllFunctionCall", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/93efeef545b1114de92c3fbb4bb907c6b72014a1.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "827ae9e92f0226e668e5b65613328163", "peid_signatures": null, "pe_filename": "93efeef545b1114de92c3fbb4bb907c6b72014a1", "pe_timestamp": "2007-01-16 07:04:54", "virus_type": "93efeef545b1114de92c3fbb4bb907c6b72014a1", "resource_attrs": {}, "section_attrs": {".ssd8": 7.99317880760365}, "signature": [], "infos": {"sha1": "93efeef545b1114de92c3fbb4bb907c6b72014a1", "name": "93efeef545b1114de92c3fbb4bb907c6b72014a1", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "c01652c09b9e93f8cd0ee9c096b7a079121e11a72ad50c7cf628bd029f6334ac", "crc32": "836EF0C4", "path": "./extract/93efeef545b1114de92c3fbb4bb907c6b72014a1", "ssdeep": "1536:Sv7L40pCXpoffp0pXID4kuqEwdUOPa5LxwgkE02BTBdULKhZjyKpd:Sv7L40pCu50pYD45nsUOALqABP/KO", "size": 77234, "sha512": "ed6eecfd032ede8c85791cd0d53c3cd33397da9909a86706acf06f9b181d52b1a68e1633c873a4fee184953a4002ad1191191157dd1e3f4faf79070ef959b222", "md5": "233df739a9ee3d46277e66c5e97ddbf1"}, "versioninfo": {}, "ssdeep": "1536:Sv7L40pCXpoffp0pXID4kuqEwdUOPa5LxwgkE02BTBdULKhZjyKpd:Sv7L40pCu50pYD45nsUOALqABP/KO", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress", "VirtualAlloc", "VirtualFree", "VirtualProtect"], "WS2_32.dll": ["inet_addr"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/95d7cdc9264f46a3f6f0c49206729c13ca4b16ac.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "KOREAN"], "pe_imphash": "7d523e1e81748d79f88b5e5f950653ed", "peid_signatures": null, "pe_filename": "95d7cdc9264f46a3f6f0c49206729c13ca4b16ac", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "95d7cdc9264f46a3f6f0c49206729c13ca4b16ac", "resource_attrs": {}, "section_attrs": {".aspack": 6.310429049878726, "CODE": 7.99852426551759, ".rsrc": 6.753396490032676, ".idata": 7.692776820895226, ".rdata": 0.2005819074398449, "DATA": 7.8706109383260285}, "signature": [], "infos": {"sha1": "95d7cdc9264f46a3f6f0c49206729c13ca4b16ac", "name": "95d7cdc9264f46a3f6f0c49206729c13ca4b16ac", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "588d598dc12b94447bd2b221ea297a747ac4db1a4e9dba39940bf7f26b81cbb0", "crc32": "FC348062", "path": "./extract/95d7cdc9264f46a3f6f0c49206729c13ca4b16ac", "ssdeep": "3072:xF6GQADhsNEjfVOsYGZJ+L1cgocAPTwWfK0gCcGSiuiekVDyk5uV2:K1shsyfVHT+y/cKwWi0NcG2ik6", "size": 170496, "sha512": "33dc62f5102d3dff9867bb720f5f42104d8df7690d5d675a8f0ea77ae534fd15d90eb1f84a643859c5c822f0d1bd1e992db2c8fd50736a7470708ddbb0a9683b", "md5": "5ba10750ede784837bc28db41219a74d"}, "versioninfo": {}, "ssdeep": "3072:xF6GQADhsNEjfVOsYGZJ+L1cgocAPTwWfK0gCcGSiuiekVDyk5uV2:K1shsyfVHT+y/cKwWi0NcG2ik6", "static_imports": {"count": 13, "urlmon.dll": ["URLDownloadToFileA"], "version.dll": ["VerQueryValueA"], "gdi32.dll": ["UnrealizeObject"], "shell32.dll": ["ShellExecuteA"], "kernel32.dll": ["GetProcAddress", "GetModuleHandleA", "LoadLibraryA"], "oleaut32.dll": ["SafeArrayPtrOfIndex"], "advapi32.dll": ["StartServiceCtrlDispatcherA"], "user32.dll": ["CreateWindowExA"], "comctl32.dll": ["ImageList_SetIconSize"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4", "resource_attrs": {}, "section_attrs": {"CODE": 7.940313028413351}, "signature": [], "infos": {"sha1": "963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4", "name": "963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "c63162536e389b144275ec8aa494d9257190c321a5d24615acbb6f3c702491d4", "crc32": "BE95ADC2", "path": "./extract/963cf45a57fea7c9b9142d5dcfe1ecd5f978e7d4", "ssdeep": "6144:pXPPNILBAQ2sT1ZexiQf/u/O4S7RWUxZzDHv0XUHb1QEEWY:JPNILBP134/u/O4SdRxZzT75pEL", "size": 284245, "sha512": "63f49358edd101fa8122f08b3cebc27fb86124afa5fd6192796f528eec22b2318df8ccd67050a50de65c6dfbb399c6480e5a0ea33da2e194ea2c9b33843706de", "md5": "476ff6c7bb0d69e9635a08fe11996823"}, "versioninfo": {}, "ssdeep": "6144:pXPPNILBAQ2sT1ZexiQf/u/O4S7RWUxZzDHv0XUHb1QEEWY:JPNILBP134/u/O4SdRxZzT75pEL", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/9a975db8ff64827a9d556ac3b4701cdd0266f60e.json: -------------------------------------------------------------------------------- 1 | {"languages": ["KAZAK", "DEFAULT", "NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "fc39d6bcccc6aed12cc7b3f6f5003c3e", "peid_signatures": null, "pe_filename": "9a975db8ff64827a9d556ac3b4701cdd0266f60e", "pe_timestamp": "2055-05-26 02:10:40", "virus_type": "9a975db8ff64827a9d556ac3b4701cdd0266f60e", "resource_attrs": {}, "section_attrs": {".text": 4.519137053272495, ".rsrc": 4.722530942564787}, "signature": [], "infos": {"sha1": "9a975db8ff64827a9d556ac3b4701cdd0266f60e", "name": "9a975db8ff64827a9d556ac3b4701cdd0266f60e", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "65548fb2fe732f7cee4283e3c443e1f40667314eb9948c89a4c7facd85f99e77", "crc32": "A5F035A5", "path": "./extract/9a975db8ff64827a9d556ac3b4701cdd0266f60e", "ssdeep": "3072:7IdcFLEdsCgrt05bnwhVh6PTPqYKvSMkO3xZnp:0WVZ0xCVh6GfSMkcx1", "size": 253952, "sha512": "2f40acb51356a2f352129d914f51453fcbf8c43610d556b8cde06f179fb03643e07dc6e9009da400537645430bb35df03a1d26a0451164eee14b4a2963f6cbb9", "md5": "6e18618513ef6bb6ac6ea1c3ccdb6484"}, "versioninfo": {"InternalName": "LR4PuEZ", "FileVersion": "14.653.0558", "CompanyName": "DzYRg4pL505B0", "ProductName": "QZUGJEj2ZnhrU", "ProductVersion": "14.653.0558", "Translation": "0x0409 0x04b0", "OriginalFilename": "LR4PuEZ.exe"}, "ssdeep": "3072:7IdcFLEdsCgrt05bnwhVh6PTPqYKvSMkO3xZnp:0WVZ0xCVh6GfSMkcx1", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/9f0090ac0a5b6bb778f03367a8929fd5.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "f12187ffa249a4ac05231127d2d5a9df", "peid_signatures": null, "pe_filename": "9f0090ac0a5b6bb778f03367a8929fd5", "pe_timestamp": "2002-08-24 16:28:44", "virus_type": "9f0090ac0a5b6bb778f03367a8929fd5", "resource_attrs": {}, "section_attrs": {"UPX1": 7.902131477357321, ".SUPX1": 7.992288738481814, ".rsrc": 3.7641179322640497}, "signature": [], "infos": {"sha1": "0a75fe390cb72a92d5c934ae87c99d442b38ef9d", "name": "9f0090ac0a5b6bb778f03367a8929fd5", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "049a10d3191d078ece4dba5db3500f9acdff50138ab3c940a4f937745e6f5852", "crc32": "3A7719A5", "path": "./extract/9f0090ac0a5b6bb778f03367a8929fd5", "ssdeep": "12288:YMDjY1uFRHXRAFs7hxHq4od0u7mRpZjsPkFU9/oqBRVOGVS:njmKRHXEsTK/doRzXQXOG0", "size": 492024, "sha512": "ff8fe49c6236262a36f1578ef341469602675d5a9f61c2d4a6e30294a73b9b7d7f5cfd9b20cdd253830f69557ae10f88cf66d4b7f5e6a0fb88370b9d5458656c", "md5": "9f0090ac0a5b6bb778f03367a8929fd5"}, "versioninfo": {}, "ssdeep": "12288:YMDjY1uFRHXRAFs7hxHq4od0u7mRpZjsPkFU9/oqBRVOGVS:njmKRHXEsTK/doRzXQXOG0", "static_imports": {"count": 7, "imagehlp.dll": ["MakeSureDirectoryPathExists"], "GDI32.dll": ["BitBlt"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "ExitProcess"], "SHELL32.dll": ["ShellExecuteA"], "SHLWAPI.dll": ["PathAppendA"], "USER32.dll": ["GetDC"], "COMCTL32.dll": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/a1b0fa099b87aa9e453ea50781a99a27.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "82bf60972af8dcae3a06893ac6561b87", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "a1b0fa099b87aa9e453ea50781a99a27", "pe_timestamp": "2008-10-23 20:43:21", "virus_type": "a1b0fa099b87aa9e453ea50781a99a27", "resource_attrs": {}, "section_attrs": {"UPX2": 3.259446649325535, "UPX1": 7.905594705249229}, "signature": [], "infos": {"sha1": "caadbfb11768c31f4f216a9ec713421d7947865d", "name": "a1b0fa099b87aa9e453ea50781a99a27", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "ed3a3a8597c6b21442ddb2a67a47f8501b2485a8135899a5a42aba1e2ec33513", "crc32": "F7DAED01", "path": "./extract/a1b0fa099b87aa9e453ea50781a99a27", "ssdeep": "1536:fJDPyu3HxxeWBKHYeoe6nwT4QvwQ8MmiZISC74OI67CdSzpqPyS:hDneW/y6ne4QX8K6I67Gx", "size": 80382, "sha512": "1c29d8b43239e37a23167b8cd333db27cc1cb7bb76759a393265ebfed41e87e777600a5452d848bf74122547e87c61da5a1043735f7e979a3e9fabd403df3446", "md5": "a1b0fa099b87aa9e453ea50781a99a27"}, "versioninfo": {}, "ssdeep": "1536:fJDPyu3HxxeWBKHYeoe6nwT4QvwQ8MmiZISC74OI67CdSzpqPyS:hDneW/y6ne4QX8K6I67Gx", "static_imports": {"count": 6, "SHELL32.dll": ["SHFileOperationA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["malloc"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["ntohs"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/a2055df7367ad0d603390c43bf2dfc6e82b02561.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "87bed5a7cba00c7e1f4015f1bdae2183", "peid_signatures": null, "pe_filename": "a2055df7367ad0d603390c43bf2dfc6e82b02561", "pe_timestamp": "1989-08-15 05:38:27", "virus_type": "a2055df7367ad0d603390c43bf2dfc6e82b02561", "resource_attrs": {}, "section_attrs": {".data": 7.97380326274381, ".text": 6.165518187643283}, "signature": [], "infos": {"sha1": "a2055df7367ad0d603390c43bf2dfc6e82b02561", "name": "a2055df7367ad0d603390c43bf2dfc6e82b02561", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "c435e8ace0647c95a87b75dfa49a46f01a9a516a56877ba54c3beca95f1fc22e", "crc32": "59F97BF8", "path": "./extract/a2055df7367ad0d603390c43bf2dfc6e82b02561", "ssdeep": "768:qQWBsuar2vuOEywpXQ166euyL8r/Gp7l6BiUWK3qesTizk1syMJ9jnwce:4BsuarouOEyQuZr/GX6xNAyyMLjnwf", "size": 50176, "sha512": "4c82184078b8193a9ce37d0c857d2663f4afc8bcb5c0166a4a00a7d77ad69f1981c8eea59b23cca608757e8dfe6a13e72bc4a9b9084a4e5f9ce112047ed6f6e6", "md5": "f2ec08dc909fd9a41d6cf55011bffbf7"}, "versioninfo": {}, "ssdeep": "768:qQWBsuar2vuOEywpXQ166euyL8r/Gp7l6BiUWK3qesTizk1syMJ9jnwce:4BsuarouOEyQuZr/GX6xNAyyMLjnwf", "static_imports": {"count": 1, "KERNEL32.dll": ["LoadLibraryA", "GetProcAddress"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/a23f5b057ccdafc593ff847573b5fe21.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "541b27a206b8db01f0ed492f975825ac", "peid_signatures": null, "pe_filename": "a23f5b057ccdafc593ff847573b5fe21", "pe_timestamp": "2011-11-03 16:52:00", "virus_type": "a23f5b057ccdafc593ff847573b5fe21", "resource_attrs": {}, "section_attrs": {".MPRESS1": 7.997216073379517, ".MPRESS2": 6.59402208700708, ".rsrc": 3.390863646540623}, "signature": [], "infos": {"sha1": "ef7a89d43242fdad20aee9aa3bb22e4d76c6a7dc", "name": "a23f5b057ccdafc593ff847573b5fe21", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "20bada1c03281f59b120f2c4889b0616c2fe77a026e90d5142704c8fdf62c3a5", "crc32": "0469F100", "path": "./extract/a23f5b057ccdafc593ff847573b5fe21", "ssdeep": "6144:u68y3+b1wV+NVXK30upYosWZ3tOUxuYG/nP:7v+bOVqt20rWbVx9G/P", "size": 201216, "sha512": "f1c083c615e5031d8908680e9149710db5f5733b82d509734a091e059c533ddd88b5d67c1b99b0ccf79cbf3d5a0c1b2d50715ad7ea98805da1a8fd3282ddebb4", "md5": "a23f5b057ccdafc593ff847573b5fe21"}, "versioninfo": {"LegalCopyright": "copytite2111", "InternalName": "Ahmadd", "FileVersion": "1.01.0002", "CompanyName": "SaMi--DZ Toll", "LegalTrademarks": "\\u062d\\u0637 \\u0628\\u0631\\u0643", "Comments": "widows Toll", "ProductName": "Fud", "ProductVersion": "1.01.0002", "FileDescription": "copytite 2011", "Translation": "0x0409 0x04b0", "OriginalFilename": "Ahmadd.exe"}, "ssdeep": "6144:u68y3+b1wV+NVXK30upYosWZ3tOUxuYG/nP:7v+bOVqt20rWbVx9G/P", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "USER32.dll": ["DefWindowProcA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/a2e91a03c1cebb3f0f1e1f1af95678be36913130.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "ccae7705d3bafed6b8f5ee79b27d03ec", "peid_signatures": null, "pe_filename": "a2e91a03c1cebb3f0f1e1f1af95678be36913130", "pe_timestamp": "2007-08-17 06:05:16", "virus_type": "a2e91a03c1cebb3f0f1e1f1af95678be36913130", "resource_attrs": {}, "section_attrs": {"Themida ": 7.846828921565729, ".idata ": 1.4352454442333689}, "signature": [], "infos": {"sha1": "a2e91a03c1cebb3f0f1e1f1af95678be36913130", "name": "a2e91a03c1cebb3f0f1e1f1af95678be36913130", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "b9386f2207bb3c7b3d90ee8ce2bdd5274efb66ea1afd8e4ef269fc1949a65fc0", "crc32": "70E00AD2", "path": "./extract/a2e91a03c1cebb3f0f1e1f1af95678be36913130", "ssdeep": "1536:6EKO32sWLTdAzMPogppZ5gMmlrBUdddHx3/i56HSB9:1K+WTmIPogppXgZlqPi56HSB9", "size": 50400, "sha512": "0e7abe1668649d9bb0121a585d9b26461df93a2b53f3642b001f771f1ba53e0bb3e998e129b906060ef148fe3dba74e41797f02e59e700aa1becf445bd0b4a01", "md5": "0eeb751c90612c4e6419245e9c478ad3"}, "versioninfo": {}, "ssdeep": "1536:6EKO32sWLTdAzMPogppZ5gMmlrBUdddHx3/i56HSB9:1K+WTmIPogppXgZlqPi56HSB9", "static_imports": {"count": 2, "KERNEL32.dll": ["CreateFileA", "ExitProcess"], "COMCTL32.dll": ["InitCommonControls"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/a84b57a7c0ead4dadee1250ec01d9d873d26f0a2.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "CHINESE", "CHINESE_SIMPLIFIED"], "pe_imphash": "6dce49c3d25455b8d4e9d7887aa74d54", "peid_signatures": null, "pe_filename": "a84b57a7c0ead4dadee1250ec01d9d873d26f0a2", "pe_timestamp": "2010-05-21 17:51:30", "virus_type": "a84b57a7c0ead4dadee1250ec01d9d873d26f0a2", "resource_attrs": {}, "section_attrs": {"UPX1": 7.197499892394856, ".rsrc": 1.6024383779219442}, "signature": [], "infos": {"sha1": "a84b57a7c0ead4dadee1250ec01d9d873d26f0a2", "name": "a84b57a7c0ead4dadee1250ec01d9d873d26f0a2", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "82d5e1c6d6e28b545cda47c9818f5f0e6810d18e980e9bcdf687c1eea367a470", "crc32": "F6033040", "path": "./extract/a84b57a7c0ead4dadee1250ec01d9d873d26f0a2", "ssdeep": "96:8I9KFegOihrYTC7TWxxlEIOsRHyTK7ATCRHvAlEiDB:XKUIETC7TEOqA3TLlEi9", "size": 9216, "sha512": "3bbd4b6dca85e143b1b3430a287dca3aa4e18c99e50cfe65dce54d0e48390145bafa8b76e0f457d8c62db5e7853497de8eb482508f6595327ad507a3ec59551c", "md5": "f717c0f837aaba87f74aefe7d6f80dd5"}, "versioninfo": {"InternalName": "lb111", "FileVersion": "1.00", "CompanyName": "\\u5fae\\u8f6f\\u4e2d\\u56fd", "ProductName": "Project1", "ProductVersion": "1.00", "Translation": "0x0804 0x04b0", "OriginalFilename": "lb111.exe"}, "ssdeep": "96:8I9KFegOihrYTC7TWxxlEIOsRHyTK7ATCRHvAlEiDB:XKUIETC7TEOqA3TLlEi9", "static_imports": {"count": 2, "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "ExitProcess"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/afc65671f2e61e14b04a446fe293a96d.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_UK", "ENGLISH_US"], "pe_imphash": "87bed5a7cba00c7e1f4015f1bdae2183", "peid_signatures": ["EXECrypt 1.0 -> ReBirth"], "pe_filename": "afc65671f2e61e14b04a446fe293a96d", "pe_timestamp": "2010-04-16 15:47:33", "virus_type": "afc65671f2e61e14b04a446fe293a96d", "resource_attrs": {}, "section_attrs": {".2UPX1": 7.997355354666707, "UPX1": 7.99921437152753, "CRPT": 7.017257682439769, ".rsrc": 5.793613861853235}, "signature": [], "infos": {"sha1": "cd8056efd5cdb9829989184d83bd7c7937bfa452", "name": "afc65671f2e61e14b04a446fe293a96d", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "f53a8600b5f36e495a21cffa59b73404dcb944c35a274bebef9f26e545696e19", "crc32": "FD7E38F6", "path": "./extract/afc65671f2e61e14b04a446fe293a96d", "ssdeep": "6144:cMqG1ITmyMN7sHTjaAz7KH4CWHitOSYG6mzcMuX+DHOIg:cMq6DszjaAaYCWH0OC6gd1DHOx", "size": 372120, "sha512": "9a9ddd836c35b2b65863c9f2e873cd134cb21dd81521bf1db4905947f680f9ab40badf2f12507b1e9c4320afbf368b34c01a268f66ab11bad3ba9ab71c6df2c1", "md5": "afc65671f2e61e14b04a446fe293a96d"}, "versioninfo": {"CompiledScript": "AutoIt v3 Script: 3, 3, 6, 1", "Translation": "0x0809 0x04b0", "FileVersion": "3, 3, 6, 1", "FileDescription": ""}, "ssdeep": "6144:cMqG1ITmyMN7sHTjaAz7KH4CWHitOSYG6mzcMuX+DHOIg:cMq6DszjaAaYCWH0OC6gd1DHOx", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b056d1ba8203411f77f479e4ae071e71dd2d98da.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "e01aebc4253b22aeb7f9ee15b84d8784", "peid_signatures": null, "pe_filename": "b056d1ba8203411f77f479e4ae071e71dd2d98da", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "b056d1ba8203411f77f479e4ae071e71dd2d98da", "resource_attrs": {}, "section_attrs": {"CODE": 6.4275530015735125, ".rsrc": 6.07668635026729, ".idata": 3.39716385923736, ".rdata": 0.2044881574398449, ".reloc": 6.0466823327944725, "DATA": 3.4972502456970327}, "signature": [], "infos": {"sha1": "b056d1ba8203411f77f479e4ae071e71dd2d98da", "name": "b056d1ba8203411f77f479e4ae071e71dd2d98da", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "1905639342b0ffb1b251ed815ff3a03438f19c35381ca906ad15aacfce87e737", "crc32": "38347B0F", "path": "./extract/b056d1ba8203411f77f479e4ae071e71dd2d98da", "ssdeep": "3072:t4NGIuk7uCEyylDQ6hwp1KbKN2Ze+m/9vHz+:tIph75yl7wlNqeJ9vHz+", "size": 123904, "sha512": "5a781c5a68b0b6eab69d19cbd16cfdf66eeb0800bf2ed40c3e15f5d28394a8836803afbe4d82715cc827713b2917933e5b3fe4c3a59ac6d558c78a764e19d8d9", "md5": "4ec3ff19020e68a3804d0b02cda4c917"}, "versioninfo": {}, "ssdeep": "3072:t4NGIuk7uCEyylDQ6hwp1KbKN2Ze+m/9vHz+:tIph75yl7wlNqeJ9vHz+", "static_imports": {"count": 6, "advapi32.dll": ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"], "kernel32.dll": ["LoadLibraryExA", "GetTickCount"], "oleaut32.dll": ["SysFreeString", "SysReAllocStringLen", "SysAllocStringLen"], "user32.dll": ["GetKeyboardType", "MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b0b9048ac7cb6d553127b6b61602e1e8.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "7bcb4be8a284e4ec65e8f7af4ff9f3bc", "peid_signatures": null, "pe_filename": "b0b9048ac7cb6d553127b6b61602e1e8", "pe_timestamp": "2012-04-19 23:46:35", "virus_type": "b0b9048ac7cb6d553127b6b61602e1e8", "resource_attrs": {}, "section_attrs": {".MPRESS1": 4.972947548467171, ".MPRESS2": 5.018100602851341, ".rsrc": 2.0806245657541345}, "signature": [], "infos": {"sha1": "a2425ac8e3d7ca55ac1dfd8d9823ec8848e5bf56", "name": "b0b9048ac7cb6d553127b6b61602e1e8", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "41b11ad370b81054e8c503cd08106ea2bea5b633baf4596eea60988bc3733009", "crc32": "8960D17D", "path": "./extract/b0b9048ac7cb6d553127b6b61602e1e8", "ssdeep": "3072:aYfX0e1FB/DpKjCLHqSKnCE3WacMoJAEzACH8rsqJ8uVMdMWoQn+XBz:aY2CE7KJDsCH8rsfuMdMWhMB", "size": 352256, "sha512": "b1c7a4c8a6460c24f917d8504c026658a2e524a876af9921d283d8b48790a16d19a8374edc1d7606e95d209017e5902e2ee7e41452c00a95112862c2a61bb6f3", "md5": "b0b9048ac7cb6d553127b6b61602e1e8"}, "versioninfo": {"LegalCopyright": "YqEOxx", "InternalName": "Stub", "FileVersion": "1.00", "CompanyName": "kJyvp", "Comments": "EbxVcYjnBQZi", "ProductName": "KKJNzszeqq", "ProductVersion": "1.00", "FileDescription": "QxThvdu", "Translation": "0x0409 0x04b0", "OriginalFilename": "Stub.exe"}, "ssdeep": "3072:aYfX0e1FB/DpKjCLHqSKnCE3WacMoJAEzACH8rsqJ8uVMdMWoQn+XBz:aY2CE7KJDsCH8rsfuMdMWhMB", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b71afe0c780db7bfb206ab6dd62def9fd5730a33.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "b71afe0c780db7bfb206ab6dd62def9fd5730a33", "pe_timestamp": "2015-08-29 08:47:11", "virus_type": "b71afe0c780db7bfb206ab6dd62def9fd5730a33", "resource_attrs": {}, "section_attrs": {".reloc": 0.020463042411509404, ".text": 7.4567293554399825, ".rsrc": 3.6623780837866144}, "signature": [], "infos": {"sha1": "b71afe0c780db7bfb206ab6dd62def9fd5730a33", "name": "b71afe0c780db7bfb206ab6dd62def9fd5730a33", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "d29c48f61780990dfbb95dccd743d5854f1280c4a386d74d1a3b7c7262569e2e", "crc32": "0A2EAF90", "path": "./extract/b71afe0c780db7bfb206ab6dd62def9fd5730a33", "ssdeep": "3072:ZC3v7xNIXnN84MVV21VDrElAh0gx/+2U:I31acV0prEAh0gJRU", "size": 146557, "sha512": "a39fc06a664f771920711ed889a2e70218c7151df7792671b12b84bf89a837233028f1dd5f658e98c57536db3957760f5e55c12b0f88aafeb2f7f42ac167c872", "md5": "2829a09899143f17642b144b0c27eb77"}, "versioninfo": {"LegalCopyright": "Copyright (C) 2008-2012 J8tnb GTaRjJOa", "Assembly Version": "6.4.113.2534", "InternalName": "sznz68m.exe", "FileVersion": "6.4.113.2534", "CompanyName": "yuPD4NeO4W", "Comments": "jjCnl5JJW", "ProductName": "qJfdLyE4", "ProductVersion": "6.4.113.2534", "FileDescription": "qJfdLyE4", "Translation": "0x0000 0x04b0", "OriginalFilename": "sznz68m.exe"}, "ssdeep": "3072:ZC3v7xNIXnN84MVV21VDrElAh0gx/+2U:I31acV0prEAh0gJRU", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b810433140b5e375dfdd028e13df48e313dfde21.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "f433e7fcc51e68080022754836705744", "peid_signatures": ["EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)"], "pe_filename": "b810433140b5e375dfdd028e13df48e313dfde21", "pe_timestamp": "2007-09-06 20:19:08", "virus_type": "b810433140b5e375dfdd028e13df48e313dfde21", "resource_attrs": {}, "section_attrs": {"f1dfid6q": 7.535554635096208, "802izwe5": 7.990877820495184}, "signature": [], "infos": {"sha1": "b810433140b5e375dfdd028e13df48e313dfde21", "name": "b810433140b5e375dfdd028e13df48e313dfde21", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "d7c58ab7d48be1b9ad620b0f39c911a132eecd008c6e14686c9a28009e78d788", "crc32": "B9448B98", "path": "./extract/b810433140b5e375dfdd028e13df48e313dfde21", "ssdeep": "1536:5bn0lL6vUGhbgrZssvy9TZVFlRdmPpY7VmOLj51xP77brQ6mugI/7t8l/kNcZ8gH:i/xJKlrFxHr0/IB8+Nm8gl82", "size": 103424, "sha512": "ee2f3a3d669909034c48d1d6de94d621a9aebab8019f14ce7a8ac9f2ced287145e47f49f88d4e25f59808141b6f666c3d6b23acaac1dfa7306ff967c46dce029", "md5": "f0eb6e1214afe9aee292c6918b4129f2"}, "versioninfo": {}, "ssdeep": "1536:5bn0lL6vUGhbgrZssvy9TZVFlRdmPpY7VmOLj51xP77brQ6mugI/7t8l/kNcZ8gH:i/xJKlrFxHr0/IB8+Nm8gl82", "static_imports": {"count": 2, "kernel32.dll": ["GetModuleHandleA", "LoadLibraryA", "GetProcAddress", "ExitProcess", "VirtualAlloc", "VirtualFree"], "user32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b85d4343e6658cc9f572c5470e04290f04030630.json: -------------------------------------------------------------------------------- 1 | {"languages": ["RUSSIAN", "NEUTRAL"], "pe_imphash": "96b2e968c8d942b1c476ffc19880a760", "peid_signatures": null, "pe_filename": "b85d4343e6658cc9f572c5470e04290f04030630", "pe_timestamp": "2005-11-01 20:44:49", "virus_type": "b85d4343e6658cc9f572c5470e04290f04030630", "resource_attrs": {}, "section_attrs": {".data": 5.31959826355583, ".rsrc": 5.979289134637233}, "signature": [], "infos": {"sha1": "b85d4343e6658cc9f572c5470e04290f04030630", "name": "b85d4343e6658cc9f572c5470e04290f04030630", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "2b4c0b3e0900b084a1d7375587c42be18feae1f29a854035a8d41c2c31e0f042", "crc32": "3310A0EA", "path": "./extract/b85d4343e6658cc9f572c5470e04290f04030630", "ssdeep": "96:F30H0GV2/wUqGhjUyV7nS62sQC4o4fOYyTSzm9izZp43Z9N/qzV:x0H0G6wUqG9UyV7SM4o4feeEEZpaHgV", "size": 9728, "sha512": "16ada7a579d66534534c278c9d304a7a5e6955305bd415cbf925bf5a57b7de95beeaf0ded3544910371ee1fbc8541dc59ce0dc6fb05cb618a80609d473cc5f9f", "md5": "07afdb2e44637ecc5e3171ea62041e34"}, "versioninfo": {}, "ssdeep": "96:F30H0GV2/wUqGhjUyV7nS62sQC4o4fOYyTSzm9izZp43Z9N/qzV:x0H0G6wUqG9UyV7SM4o4feeEEZpaHgV", "static_imports": {"count": 4, "SHLWAPI.dll": ["StrToIntA"], "KERNEL32.dll": ["HeapAlloc", "GetCommandLineA", "GetTempPathA", "FindResourceA", "LoadResource", "LockResource", "DeleteFileA", "WaitForSingleObject", "CreateProcessA", "CloseHandle", "WriteFile", "CreateFileA", "GetModuleFileNameA", "GetTickCount", "GetProcessHeap"], "MSVCRT.dll": ["strlen", "_strlwr", "strcpy", "strcat", "strcmp"], "USER32.dll": ["LoadStringA", "wsprintfA", "GetForegroundWindow", "MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b89ce59f8e232aaa94281ec15a049426.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f5e3a89d0f3ed1b4e0156eaa149958ce", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "b89ce59f8e232aaa94281ec15a049426", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "b89ce59f8e232aaa94281ec15a049426", "resource_attrs": {}, "section_attrs": {".RUPX1": 7.994063371156795, "DexCrypt": 4.454802823200384, "UPX1": 7.75948077351757, ".rsrc": 5.57534998871275}, "signature": [], "infos": {"sha1": "7f17282a21c30ced90b66ea2ce1f3c4daa59544b", "name": "b89ce59f8e232aaa94281ec15a049426", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "f658bd88ddc7ee0bec8b4f2354cbf877a0a9a3f27e408dc9835f2732b0cf8973", "crc32": "71C8D06C", "path": "./extract/b89ce59f8e232aaa94281ec15a049426", "ssdeep": "6144:nCF/JUCXBBvsQnPx3i7ILOikUiV/+Ce7EVLxZzc2rnOo9CaLiZvHsEA:nEJHRBvsGSsLDby+CewVLxZzpOoEaskf", "size": 344708, "sha512": "021f418d9b04e2a364993e95b44b1bfe15ded8127834babbe69abd3dd5f473bbcbedfe341ccac62fc523d91f4651464e307335b08b861cfd7095b0843db541ba", "md5": "b89ce59f8e232aaa94281ec15a049426"}, "versioninfo": {}, "ssdeep": "6144:nCF/JUCXBBvsQnPx3i7ILOikUiV/+Ce7EVLxZzc2rnOo9CaLiZvHsEA:nEJHRBvsGSsLDby+CewVLxZzpOoEaskf", "static_imports": {"count": 9, "crypt32.dll": ["CryptUnprotectData"], "pstorec.dll": ["PStoreCreateInstance"], "shell32.dll": ["SHGetSpecialFolderPathA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "rasapi32.dll": ["RasEnumEntriesA"], "oleaut32.dll": ["SysFreeString"], "advapi32.dll": ["LsaClose"], "ole32.dll": ["OleInitialize"], "user32.dll": ["ToAscii"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/b8e0615dedb839409ca6e74ae1cdce607873d2df.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "b8e0615dedb839409ca6e74ae1cdce607873d2df", "pe_timestamp": "2015-09-16 16:40:34", "virus_type": "b8e0615dedb839409ca6e74ae1cdce607873d2df", "resource_attrs": {}, "section_attrs": {".reloc": 0.07763316234324169, ".text": 5.45416662464332, ".rsrc": 4.01141337771622}, "signature": [], "infos": {"sha1": "b8e0615dedb839409ca6e74ae1cdce607873d2df", "name": "b8e0615dedb839409ca6e74ae1cdce607873d2df", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "328987807be6031ca952e96b4b6fac54828c61e1285c34bed6b674b3d249c942", "crc32": "40374C9A", "path": "./extract/b8e0615dedb839409ca6e74ae1cdce607873d2df", "ssdeep": "192:ryyQweVJb8mIqOd33xruZrqUDI7TlcRK7VhSyUQb6q8htKA0Bz7c13Lf:6weVJwmIqeRruqUDUhcRKpv+bhtKxS", "size": 15360, "sha512": "73f14a1f878131c146b6fcb93dc3e4561a603418e72e5ff77b0e46340c847926c41b069a4ca0a5649349d6360e2f08f0c60b73598e15eb3d5ebabb33428e0031", "md5": "6e5cb7657de79578750b6ba8755527bd"}, "versioninfo": {"LegalCopyright": "23423432", "Assembly Version": "5.1.3.6", "InternalName": "chb.exe", "FileVersion": "7.4.2.1", "CompanyName": "f234c4f234", "ProductName": "23rd234f2", "ProductVersion": "7.4.2.1", "FileDescription": "23423423423423", "Translation": "0x0000 0x04b0", "OriginalFilename": "chb.exe"}, "ssdeep": "192:ryyQweVJb8mIqOd33xruZrqUDI7TlcRK7VhSyUQb6q8htKA0Bz7c13Lf:6weVJwmIqeRruqUDUhcRKpv+bhtKxS", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/bc7b2d743b1f44f21ef6e774dfd2c409d107d620.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "c5f8c164ab5c8a7c23939c338d5313b0", "peid_signatures": null, "pe_filename": "bc7b2d743b1f44f21ef6e774dfd2c409d107d620", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "bc7b2d743b1f44f21ef6e774dfd2c409d107d620", "resource_attrs": {}, "section_attrs": {"CODE": 6.31013724924959, ".rsrc": 7.983757723151882, ".idata": 3.7171766070413454, ".rdata": 0.19743807838821048, ".reloc": 5.529914821759447, "DATA": 1.3071696110637494}, "signature": [], "infos": {"sha1": "bc7b2d743b1f44f21ef6e774dfd2c409d107d620", "name": "bc7b2d743b1f44f21ef6e774dfd2c409d107d620", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "892d1adfcb3a448d88624cd659b74ba2c3aab14c54482bd365c1427f76d3ce55", "crc32": "3DDC5D8B", "path": "./extract/bc7b2d743b1f44f21ef6e774dfd2c409d107d620", "ssdeep": "3072:zYS4WVK9XklZa4AceyTzraG/r/andwuxFZD8D1K6yFcSDkHtjH:l4JAa8xTzh/andnxF+UajjH", "size": 138240, "sha512": "a0f3e7ffc2df6a7719ed3eb21a2766a78ba48a7d096b8560e0dbdd58f43cd4bd359e8dd0d9d6644e302570806fe6fbd9eadcf1bbd653a976bcad472dd9d6f02a", "md5": "591256466815cdf58a623eade8769e02"}, "versioninfo": {}, "ssdeep": "3072:zYS4WVK9XklZa4AceyTzraG/r/andwuxFZD8D1K6yFcSDkHtjH:l4JAa8xTzh/andnxF+UajjH", "static_imports": {"count": 3, "kernel32.dll": ["LoadLibraryExA"], "oleaut32.dll": ["SysFreeString", "SysReAllocStringLen"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/bc989976afb95181804f64799c9051c0c74863f8.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "SWEDISH", "ENGLISH", "ENGLISH_US"], "pe_imphash": "4a36ba081599b6b7bb34691b756117da", "peid_signatures": null, "pe_filename": "bc989976afb95181804f64799c9051c0c74863f8", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "bc989976afb95181804f64799c9051c0c74863f8", "resource_attrs": {}, "section_attrs": {"CODE": 6.436722797232144, ".rsrc": 7.900295441719178, ".idata": 3.4890225368590393, ".rdata": 0.2456854693956308, ".reloc": 5.9214766208751275, "DATA": 3.1222139871657677}, "signature": [], "infos": {"sha1": "bc989976afb95181804f64799c9051c0c74863f8", "name": "bc989976afb95181804f64799c9051c0c74863f8", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "492636bdafe6ea83361917937ffbf396d16ccb92699e1fe77e308d06364be7fd", "crc32": "EA2385F0", "path": "./extract/bc989976afb95181804f64799c9051c0c74863f8", "ssdeep": "3072:PRkH7L77aIBvBhtE3DrudmoKALdLQptrf21ZZinEMgTL3y:Zk77aIR7e32drZZLQptCZZ3e", "size": 166912, "sha512": "3e2f8eae0711b81e31bc7716c699e2bf31f48832e92d8bb4a2c19c9f61d599a1a9101dd357854d0def6f279ac2ef55c9acb3590f79810fa6128681371d8eb54a", "md5": "a37161e667214428bafed13bf5cb60ab"}, "versioninfo": {}, "ssdeep": "3072:PRkH7L77aIBvBhtE3DrudmoKALdLQptrf21ZZinEMgTL3y:Zk77aIR7e32drZZLQptCZZ3e", "static_imports": {"count": 5, "advapi32.dll": ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"], "kernel32.dll": ["WriteFile", "VirtualProtect", "LoadLibraryA", "GetTickCount", "GetProcAddress", "GetModuleHandleA", "GetLastError", "FreeLibrary", "CreateFileA", "CloseHandle"], "user32.dll": ["GetKeyboardType", "MessageBoxA", "CharNextA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c01b6dd244ea92970ad48a9449b9342f866b86de.json: -------------------------------------------------------------------------------- 1 | {"languages": ["CHINESE", "CHINESE_SIMPLIFIED", "NEUTRAL"], "pe_imphash": "0b1dcf79a51b9a9bce9d7aa0201fe767", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "c01b6dd244ea92970ad48a9449b9342f866b86de", "pe_timestamp": "2009-12-04 21:35:59", "virus_type": "c01b6dd244ea92970ad48a9449b9342f866b86de", "resource_attrs": {}, "section_attrs": {"UPX1": 7.855719946713021, ".rsrc": 7.519631226203163}, "signature": [], "infos": {"sha1": "c01b6dd244ea92970ad48a9449b9342f866b86de", "name": "c01b6dd244ea92970ad48a9449b9342f866b86de", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "8be7e1f042b45b5ef9797bae6714d20f729292e905d8bdbf7114df45ac699652", "crc32": "BF0269EF", "path": "./extract/c01b6dd244ea92970ad48a9449b9342f866b86de", "ssdeep": "768:5JmcOw7c0MsIHZ4/7KSEGlhkqQwPU3lSbRjY65S6PKzvBOckL2r5K6j0IkWeVc/k:5PxvMsbjlhkqd+Sb6AYccHsDWeVjJuE", "size": 51016, "sha512": "79fd948af31fc1de34e446b67abde5d5e490beccaf8de7e0ee6d1f2a8f4867cf37cbb4fb77c176398ae646e08a923a34a3ab44e2e2ed9738713ef0d3e3a55661", "md5": "9cb6416c9581acb73c6511a3d166658e"}, "versioninfo": {}, "ssdeep": "768:5JmcOw7c0MsIHZ4/7KSEGlhkqQwPU3lSbRjY65S6PKzvBOckL2r5K6j0IkWeVc/k:5PxvMsbjlhkqd+Sb6AYccHsDWeVjJuE", "static_imports": {"count": 7, "WINMM.dll": ["timeGetTime"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "MSVCRT.dll": ["rand"], "ADVAPI32.dll": ["RegCloseKey"], "MFC42.DLL": [], "WS2_32.dll": ["htonl"], "USER32.dll": ["IsIconic"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c0b2967d8794e86f6e7fba6cd31a7ac4.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "7bcb4be8a284e4ec65e8f7af4ff9f3bc", "peid_signatures": null, "pe_filename": "c0b2967d8794e86f6e7fba6cd31a7ac4", "pe_timestamp": "2012-04-19 23:46:35", "virus_type": "c0b2967d8794e86f6e7fba6cd31a7ac4", "resource_attrs": {}, "section_attrs": {".MPRESS1": 4.972947548467171, ".MPRESS2": 5.018100602851341, ".rsrc": 2.0806245657541345}, "signature": [], "infos": {"sha1": "01ca9fc2340278d9c27e8cb52147a05d3a44d505", "name": "c0b2967d8794e86f6e7fba6cd31a7ac4", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "5a02ca991078d13f080cb97ea088fac0f1abc3d4427596ed2b52d75beae5193c", "crc32": "7E1BF369", "path": "./extract/c0b2967d8794e86f6e7fba6cd31a7ac4", "ssdeep": "3072:1YfX0e1FB/DpKjCLHqSKnCE3WacMoJAEzACH8rsqJ8uVMdMWoQn+XBz:1Y2CE7KJDsCH8rsfuMdMWhMB", "size": 352256, "sha512": "6dcd2f856e11791a8f9f3600b0451672e1984b9f1b238a7dfbcd640f25591907c1ef2a31944541cb5bff50792dcaa51da1d9e280bf3d8a379175d9087cb5840a", "md5": "c0b2967d8794e86f6e7fba6cd31a7ac4"}, "versioninfo": {"LegalCopyright": "YqEOxx", "InternalName": "Stub", "FileVersion": "1.00", "CompanyName": "kJyvp", "Comments": "EbxVcYjnBQZi", "ProductName": "KKJNzszeqq", "ProductVersion": "1.00", "FileDescription": "QxThvdu", "Translation": "0x0409 0x04b0", "OriginalFilename": "Stub.exe"}, "ssdeep": "3072:1YfX0e1FB/DpKjCLHqSKnCE3WacMoJAEzACH8rsqJ8uVMdMWoQn+XBz:1Y2CE7KJDsCH8rsfuMdMWhMB", "static_imports": {"count": 2, "KERNEL32.DLL": ["GetModuleHandleA", "GetProcAddress"], "MSVBVM60.DLL": []}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c0f7ec4537283431d6370c609615cf38c1733411.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "f433e7fcc51e68080022754836705744", "peid_signatures": ["EXECryptor 2.2.4 -> Strongbit/SoftComplete Development (h1)"], "pe_filename": "c0f7ec4537283431d6370c609615cf38c1733411", "pe_timestamp": "2007-09-06 20:19:08", "virus_type": "c0f7ec4537283431d6370c609615cf38c1733411", "resource_attrs": {}, "section_attrs": {"f1dfid6q": 1.4822738479740547, "802izwe5": 7.990877820495184}, "signature": [], "infos": {"sha1": "c0f7ec4537283431d6370c609615cf38c1733411", "name": "c0f7ec4537283431d6370c609615cf38c1733411", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "7dbd77104f48ba32ae8a4476f9fa96fecb7dbe85d2200a2fe520ea684d0b4ff7", "crc32": "005F71C9", "path": "./extract/c0f7ec4537283431d6370c609615cf38c1733411", "ssdeep": "1536:7bn0lL6vUGhbgrZssvy9TZVFlRdmPpY7VmOLj51xP77brQ6mugI/7t8l/kNcZ8g2:8/xJKlrFxHr0/IB8+Nm8gl8", "size": 107008, "sha512": "840230464711b6518abb2e8ec056ee07323c93c0ad05cfddd68b2ca9e074c143362ece9f9f5420585558d9aca12a2000a028b3ec62614b7c8b1c7004380c4d4f", "md5": "9ccf7bfcb02a2a512de35ec1aea943a1"}, "versioninfo": {}, "ssdeep": "1536:7bn0lL6vUGhbgrZssvy9TZVFlRdmPpY7VmOLj51xP77brQ6mugI/7t8l/kNcZ8g2:8/xJKlrFxHr0/IB8+Nm8gl8", "static_imports": {"count": 2, "kernel32.dll": ["GetModuleHandleA", "LoadLibraryA", "GetProcAddress", "ExitProcess", "VirtualAlloc", "VirtualFree"], "user32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c570daf08d4f57a933975ed33e5a5655.dl.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "d084eb3d36fc71e6a0fe67933ce11f3b", "peid_signatures": null, "pe_filename": "c570daf08d4f57a933975ed33e5a5655.dl", "pe_timestamp": "2009-06-20 18:08:57", "virus_type": "c570daf08d4f57a933975ed33e5a5655", "resource_attrs": {}, "section_attrs": {".ndata": 7.994658739425015, ".text": 5.145609798503871, ".rsrc": 5.939650057519473}, "signature": [], "infos": {"sha1": "ceb36314c3747a35c33a6f1e44e5322bbc51a6a4", "name": "c570daf08d4f57a933975ed33e5a5655.dl", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "812aa01fcb0d839fa23c8f58b8a100644bd3b1d17a8d75915f5bd8474b9f9ef2", "crc32": "9DDD9DF7", "path": "./extract/c570daf08d4f57a933975ed33e5a5655.dl", "ssdeep": "1536:/dJi7cvi6806YeGdrmzN11WAnRB+Gw/gDtEmJIDii:/H9vi6d6YeGdrENWir+BgbIDF", "size": 114688, "sha512": "7fd0c40662328ed97dc25e1604fa5dbb6f3fc77a54d8266e5704bd661c30d83274a31f3fa73858ec9832ce6773d0e0cc09c1901020c0a9a76108e915c535c5b5", "md5": "c570daf08d4f57a933975ed33e5a5655"}, "versioninfo": {"Translation": "0x0409 0x04b0", "CompanyName": "425 KB", "FileDescription": "Microsoft Word Document"}, "ssdeep": "1536:/dJi7cvi6806YeGdrmzN11WAnRB+Gw/gDtEmJIDii:/H9vi6d6YeGdrENWir+BgbIDF", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c5d7902a1b5bb55cf98a15707e5d99b0404d866d.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "806c6c39e4466868c6ec824adbddb19e", "peid_signatures": null, "pe_filename": "c5d7902a1b5bb55cf98a15707e5d99b0404d866d", "pe_timestamp": "2013-05-18 18:48:29", "virus_type": "c5d7902a1b5bb55cf98a15707e5d99b0404d866d", "resource_attrs": {}, "section_attrs": {"UPX2": 3.963083670972701, "UPX1": 7.923783722710813}, "signature": [], "infos": {"sha1": "c5d7902a1b5bb55cf98a15707e5d99b0404d866d", "name": "c5d7902a1b5bb55cf98a15707e5d99b0404d866d", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "daec494b0368f3a5bdcd994867a8db73c1438703ed2d9dca15c9da3d95868206", "crc32": "32289411", "path": "./extract/c5d7902a1b5bb55cf98a15707e5d99b0404d866d", "ssdeep": "3072:96iaKmF2bRDIiaFfsYXfPFVEcbSVISf1A7K3JchVXXama4Uynae:9JaRFqezCoPF6I2eKZgJjZUyae", "size": 155648, "sha512": "5d0995c758962d1fb9d5d91e269e1d04e582f9ee94fb449dcccbaf35f1d56dd737bd143764a290472bc0e73042a685e780fbd90e9650b63e8c27dfbe4fdad386", "md5": "c17d1696e11b611f282ec46ba620dc6c"}, "versioninfo": {}, "ssdeep": "3072:96iaKmF2bRDIiaFfsYXfPFVEcbSVISf1A7K3JchVXXama4Uynae:9JaRFqezCoPF6I2eKZgJjZUyae", "static_imports": {"count": 7, "WININET.dll": ["InternetOpenW"], "SHELL32.dll": ["SHGetFolderPathW"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "ADVAPI32.dll": ["RegCloseKey"], "ole32.dll": ["CoInitialize"], "WS2_32.dll": ["ntohl"], "USER32.dll": ["wsprintfW"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c606145bcf68b4bb27351752b2eb2520.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "3e9df19453971adde27dc23311ba8014", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "c606145bcf68b4bb27351752b2eb2520.bin", "pe_timestamp": "2011-12-03 17:48:53", "virus_type": "c606145bcf68b4bb27351752b2eb2520", "resource_attrs": {}, "section_attrs": {".data": 7.820298035784045, ".rsrc": 1.9559210192764656}, "signature": [], "infos": {"sha1": "27ad36df3a9365662969d4b701a069c3969d1695", "name": "c606145bcf68b4bb27351752b2eb2520.bin", "type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "9bf06ca10852ceea689c28dac38d962f6808fc62fb5551a769fcd997d3f024b7", "crc32": "3EC4B1DE", "path": "./extract/c606145bcf68b4bb27351752b2eb2520.bin", "ssdeep": "6144:UfUIlVdnhDz6T21CoLSAtA0b7xCnVW5GJZ2tNYLj8Mfs6B21ks:WdbdhlUkSAtA0b7wVzYKj86s6wks", "size": 345600, "sha512": "35169cb927c95ff03f8edae635aabab91e585c92aaf484d2fac31164e2d5477caf6858520c2f5841f6c306525b6a700241394a81df3f74c8828928ff7721b9b0", "md5": "c606145bcf68b4bb27351752b2eb2520"}, "versioninfo": {"InternalName": "0", "FileVersion": "1.02.0002", "CompanyName": "Dm4r HaCkEr", "ProductName": "Project1", "ProductVersion": "1.02.0002", "Translation": "0x0409 0x04b0", "OriginalFilename": "0.exe"}, "ssdeep": "6144:UfUIlVdnhDz6T21CoLSAtA0b7xCnVW5GJZ2tNYLj8Mfs6B21ks:WdbdhlUkSAtA0b7wVzYKj86s6wks", "static_imports": {"count": 6, "kernel32.dll": ["RaiseException"], "oleaut32.dll": ["VariantChangeTypeEx"], "advapi32.dll": ["RegCloseKey"], "ole32.dll": ["OleRun"], "user32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "f433e7fcc51e68080022754836705744", "peid_signatures": null, "pe_filename": "c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd", "resource_attrs": {}, "section_attrs": {"f1dfid6q": 3.520401709686159, "802izwe5": 7.990823717405145}, "signature": [], "infos": {"sha1": "c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd", "name": "c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "5b394b28a054da013a6b89c71fd0919a9ddaa36e5eac258e0589078591ced601", "crc32": "D4614E09", "path": "./extract/c70a8e1f59a0ac04b81b18dedc0ecd34c76f1ffd", "ssdeep": "3072:f/xJKlrFxHr0/IB8+Nm8gl87/sMdkFPEvmofgLV0cx3:bypxHQ/IrgC7/xdkFPEveLVDx3", "size": 238080, "sha512": "c0172a8ce9c8504609a62f00360930054888d78b2b8fa81bf784eba313062fe00809abcacd0b634f1ac80b95e47b9601a8e1b6560a7f08fe5ff77135e67ac6f7", "md5": "969121ec3b1238dfb4c068f5e743a519"}, "versioninfo": {}, "ssdeep": "3072:f/xJKlrFxHr0/IB8+Nm8gl87/sMdkFPEvmofgLV0cx3:bypxHQ/IrgC7/xdkFPEveLVDx3", "static_imports": {"count": 2, "kernel32.dll": ["GetModuleHandleA", "LoadLibraryA", "GetProcAddress", "ExitProcess", "VirtualAlloc", "VirtualFree"], "user32.dll": ["MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/c73cba92512849e59770993e976f5a1ccf4d1fc4.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a9966bf888598a59ae0dc3090fbb5dad", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "c73cba92512849e59770993e976f5a1ccf4d1fc4", "pe_timestamp": "2009-01-13 11:24:44", "virus_type": "c73cba92512849e59770993e976f5a1ccf4d1fc4", "resource_attrs": {}, "section_attrs": {".data": 7.820926348919728}, "signature": [], "infos": {"sha1": "c73cba92512849e59770993e976f5a1ccf4d1fc4", "name": "c73cba92512849e59770993e976f5a1ccf4d1fc4", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "b26800e822ee04037f36a9acc34c9a3115dbe69c065035e0a7b841a70c160ccc", "crc32": "97F9BE1C", "path": "./extract/c73cba92512849e59770993e976f5a1ccf4d1fc4", "ssdeep": "6144:j9lA189qNR9701KY76ewvP6bQ7yMP+DE827SH6:Zl4kmRyp7I6b7MP+Dd2J", "size": 198656, "sha512": "7ec201edb84a44353cb95d025eba2b506d20d58114c87a144ba7126d7b55d111a72ead6701566370fec0fa0dbb42f251a4957c1db1d25c82dad0f458587d8fd4", "md5": "f66b2b0e97b73823564e240d8a6bbdd9"}, "versioninfo": {}, "ssdeep": "6144:j9lA189qNR9701KY76ewvP6bQ7yMP+DE827SH6:Zl4kmRyp7I6b7MP+Dd2J", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "ws2_32.dll": ["inet_addr"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/cbc45ffdd5b835a73c9fa26190468ca4c8b7e910.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "87bed5a7cba00c7e1f4015f1bdae2183", "peid_signatures": null, "pe_filename": "cbc45ffdd5b835a73c9fa26190468ca4c8b7e910", "pe_timestamp": "2009-08-04 14:16:06", "virus_type": "cbc45ffdd5b835a73c9fa26190468ca4c8b7e910", "resource_attrs": {}, "section_attrs": {"peei": 6.824062929572461, ".text": 7.998592465393495, ".rsrc": 7.079558649328269}, "signature": [], "infos": {"sha1": "cbc45ffdd5b835a73c9fa26190468ca4c8b7e910", "name": "cbc45ffdd5b835a73c9fa26190468ca4c8b7e910", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "94dfd0e39556eebac3040ee6eb82a1660d01af0a907fa65cbf10a45a9662dfd2", "crc32": "54069324", "path": "./extract/cbc45ffdd5b835a73c9fa26190468ca4c8b7e910", "ssdeep": "3072:BLf3tOfl6+2/xNeOF4uY8pbV4CKHbcOXWHrfRj4BiAXmu:BzwlMlJY2bV4CQeTR8tX", "size": 142335, "sha512": "45aed0802eff43d585c5017a879d01e0444980ff76f3d68b144ca377727765cadcd2148629094d7cdd273ea4694ab778c44393130709144ec8bb12f8facd3841", "md5": "1dd09baa03a57a8e490c6bc803bc28ec"}, "versioninfo": {}, "ssdeep": "3072:BLf3tOfl6+2/xNeOF4uY8pbV4CKHbcOXWHrfRj4BiAXmu:BzwlMlJY2bV4CQeTR8tX", "static_imports": {"count": 1, "Kernel32.dll": ["LoadLibraryA", "GetProcAddress"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/cf9e5b5440c2c848cd7bceff2c3cf3d329865312.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_UK", "ENGLISH_US"], "pe_imphash": "", "peid_signatures": null, "pe_filename": "cf9e5b5440c2c848cd7bceff2c3cf3d329865312", "pe_timestamp": "2010-03-08 00:08:39", "virus_type": "cf9e5b5440c2c848cd7bceff2c3cf3d329865312", "resource_attrs": {}, "section_attrs": {"UPX1": 7.929718320875357, ".rsrc": 7.696919399124646}, "signature": [], "infos": {"sha1": "cf9e5b5440c2c848cd7bceff2c3cf3d329865312", "name": "cf9e5b5440c2c848cd7bceff2c3cf3d329865312", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "8707ee53c296f2e5f2f8efa79b59292acab795b757f5e75035b2c3826e225cc3", "crc32": "223B2515", "path": "./extract/cf9e5b5440c2c848cd7bceff2c3cf3d329865312", "ssdeep": "6144:YYDhB6ActM8FbPt6a15RGkPNJAcb+k2WzoPiML3AYRYAe5mYklUBYfFNuLJsU2:T9BvctM85t35JPNJj2WzoRLQYRYzmYtf", "size": 359315, "sha512": "bd5e9a3f679655c62ce1d530746f0ee9c2e41e0b24cb01e8bbf2bc659c177b832707a4c6ce91491e74a118748d4b5b59417d04c25c2f39f405726774eca21f1a", "md5": "047b1d1b89e2fef11f28aef4cdbcaff8"}, "versioninfo": {}, "ssdeep": "6144:YYDhB6ActM8FbPt6a15RGkPNJAcb+k2WzoPiML3AYRYAe5mYklUBYfFNuLJsU2:T9BvctM85t35JPNJj2WzoRLQYRYzmYtf", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/d334ba973a8e4102573c4a0a0aa4aa39bc9cc001.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["SPANISH", "SPANISH_MODERN"], "pe_imphash": "9f2fc2f5f8b46c5fcd153c0ecf4f6b20", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "d334ba973a8e4102573c4a0a0aa4aa39bc9cc001.bin", "pe_timestamp": "2009-06-13 06:19:01", "virus_type": "d334ba973a8e4102573c4a0a0aa4aa39bc9cc001", "resource_attrs": {}, "section_attrs": {"DexCrypt": 4.349791896188176, ".bdata": 7.993382245945147, ".text": 5.01589851951408, ".rsrc": 1.103723122450693}, "signature": [], "infos": {"sha1": "d334ba973a8e4102573c4a0a0aa4aa39bc9cc001", "name": "d334ba973a8e4102573c4a0a0aa4aa39bc9cc001.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "1032328c0fff902d2fe34bb6840c6e511568f05f12719b4d8c26b79350aa99c0", "crc32": "DCAF402A", "path": "./extract/d334ba973a8e4102573c4a0a0aa4aa39bc9cc001.bin", "ssdeep": "6144:A1+wcmB9vooOsWcvVt486ZHLjDg2Dgx7Vb6OCKzyp1Xiv539skJFt/jDt:AQmBRYt2tnwI6gVVb6LRp1X2lWkVjDt", "size": 385084, "sha512": "4dd923f82992e575a3d3aad77580ffad95ead5b77707fcff75613bde7fb8d13df803a85ee88475b25cd5dd28f14fc06f15a3ab6533f2a8baf45c1afc223cef38", "md5": "8aada70e9b8cd6b646e5cda2ba956eda"}, "versioninfo": {"InternalName": "Stub sin nod", "FileVersion": "1.00", "CompanyName": "mod", "ProductName": "mod", "ProductVersion": "1.00", "Translation": "0x0c0a 0x04b0", "OriginalFilename": "Stub sin nod.exe"}, "ssdeep": "6144:A1+wcmB9vooOsWcvVt486ZHLjDg2Dgx7Vb6OCKzyp1Xiv539skJFt/jDt:AQmBRYt2tnwI6gVVb6LRp1X2lWkVjDt", "static_imports": {"count": 1, "MSVBVM60.DLL": ["DllFunctionCall", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/d8a23c2bcee7d0e519585d0c357226b8079a410b.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "b52df0bbf59016bbef9115e588a0c6bd", "peid_signatures": null, "pe_filename": "d8a23c2bcee7d0e519585d0c357226b8079a410b", "pe_timestamp": "1999-08-30 20:56:43", "virus_type": "d8a23c2bcee7d0e519585d0c357226b8079a410b", "resource_attrs": {}, "section_attrs": {".text": 4.43862465484632, ".rsrc": 7.037316086698123}, "signature": [], "infos": {"sha1": "d8a23c2bcee7d0e519585d0c357226b8079a410b", "name": "d8a23c2bcee7d0e519585d0c357226b8079a410b", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "a210c0e279e75c37f3529fa1ff6b57dad549ff9653146c207030b3a922763bc0", "crc32": "0A2B233A", "path": "./extract/d8a23c2bcee7d0e519585d0c357226b8079a410b", "ssdeep": "768:WWTkFFsgwtmanm2AEpSLvL55C60+H2MKr2QWNb5ktVPacguzEwhrMSIfhsxwwn8:HkFGgwbmyS9HUriHktVPM/wwfhC8", "size": 67755, "sha512": "50c1bc0a28d91fa08c88407e5bd95bc2caa083529d2066d6ecb9e9a9c06392de16f90df3691bfdb0be7b79a363b87435b2df5572c86e0132efb157f6ce7aef4e", "md5": "d530d9865ccebfe98152ccb619875f1a"}, "versioninfo": {}, "ssdeep": "768:WWTkFFsgwtmanm2AEpSLvL55C60+H2MKr2QWNb5ktVPacguzEwhrMSIfhsxwwn8:HkFGgwbmyS9HUriHktVPM/wwfhC8", "static_imports": {"count": 1, "*invalid*": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/d9af1a9a8fe4030fbecccd555438124ada2e87e6.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "87bed5a7cba00c7e1f4015f1bdae2183", "peid_signatures": null, "pe_filename": "d9af1a9a8fe4030fbecccd555438124ada2e87e6", "pe_timestamp": "2009-05-28 18:13:54", "virus_type": "d9af1a9a8fe4030fbecccd555438124ada2e87e6", "resource_attrs": {}, "section_attrs": {"ebut": 6.795443262349945, ".text": 7.9987420345368765, ".rsrc": 7.039221345756465}, "signature": [], "infos": {"sha1": "d9af1a9a8fe4030fbecccd555438124ada2e87e6", "name": "d9af1a9a8fe4030fbecccd555438124ada2e87e6", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "205e28dd9f015b7d02f90f8fcd4811d123664823fcd34cf79eeaa939b023114d", "crc32": "EBAF5438", "path": "./extract/d9af1a9a8fe4030fbecccd555438124ada2e87e6", "ssdeep": "3072:a9LTiWzlcswT/hkF/z76D2789kCkiN+iFYxG4PLxFgYA5jMLc8QRA:QLTiWzlZkGzkrmliN+ywG4PLEJb", "size": 142335, "sha512": "dece91a16444d516aba8fa0f19e1da06422625ac4b28e8bbf3a5b0dc80a48146eaabb7f6adb46a6dbc95ccb4b5a6248f249d7d1759b62fb840c32ceada47ba82", "md5": "0331b1f0f837a9c32bfa536b02e98de5"}, "versioninfo": {}, "ssdeep": "3072:a9LTiWzlcswT/hkF/z76D2789kCkiN+iFYxG4PLxFgYA5jMLc8QRA:QLTiWzlZkGzkrmliN+ywG4PLEJb", "static_imports": {"count": 1, "Kernel32.dll": ["LoadLibraryA", "GetProcAddress"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/e497f452330ba894298b34f432f9518835a48309.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "0c170d7ecc03933e495c0870e9c69102", "peid_signatures": null, "pe_filename": "e497f452330ba894298b34f432f9518835a48309", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "e497f452330ba894298b34f432f9518835a48309", "resource_attrs": {}, "section_attrs": {"CODE": 6.424835671687575, ".rsrc": 6.076282527331348, ".idata": 3.398636217887194, ".rdata": 0.2044881574398449, ".reloc": 6.05342196864866, "DATA": 3.4919964255097424}, "signature": [], "infos": {"sha1": "e497f452330ba894298b34f432f9518835a48309", "name": "e497f452330ba894298b34f432f9518835a48309", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "632202e6ff38c7273fe0abf4f0d34a0d6a4df4d874bf686846313dda9aff16fb", "crc32": "B2E79757", "path": "./extract/e497f452330ba894298b34f432f9518835a48309", "ssdeep": "3072:K4CEtp0OUF0IBpPAZR37RbRTBM82PJBEEo2MY:KLEtKOUF0ITP23lbnM8yBEkMY", "size": 122880, "sha512": "f759bb967528176d8068f873ae4e15ef491a1e58c0ce0fc7d19768e944a9fe3f7821276ac20190f8b6c581890553a88d82b36ba27953da4fd8f2c64e43d9d842", "md5": "bccbe620f3595249fa846b3153e92ef9"}, "versioninfo": {}, "ssdeep": "3072:K4CEtp0OUF0IBpPAZR37RbRTBM82PJBEEo2MY:KLEtKOUF0ITP23lbnM8yBEkMY", "static_imports": {"count": 7, "winmm.dll": ["timeGetTime"], "kernel32.dll": ["Sleep", "LoadLibraryExA"], "oleaut32.dll": ["SysFreeString", "SysReAllocStringLen", "SysAllocStringLen"], "advapi32.dll": ["RegQueryValueExA", "RegOpenKeyExA", "RegCloseKey"], "user32.dll": ["GetKeyboardType", "MessageBoxA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/e5255f2be5c1b97f94f2042695636808.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "82bf60972af8dcae3a06893ac6561b87", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "e5255f2be5c1b97f94f2042695636808", "pe_timestamp": "2008-08-28 03:32:42", "virus_type": "e5255f2be5c1b97f94f2042695636808", "resource_attrs": {}, "section_attrs": {"UPX2": 3.3714670277490857, "UPX1": 7.917774217425456}, "signature": [], "infos": {"sha1": "9d9bb0f287d8228aa23742b78063a52fdd2c48e0", "name": "e5255f2be5c1b97f94f2042695636808", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "52c29f64ba83be0914e8a02fa62e90059d7d0fbaf44537798533dddd56110ace", "crc32": "E9A26059", "path": "./extract/e5255f2be5c1b97f94f2042695636808", "ssdeep": "1536:WmYqgjIksQMpE1fgRGcBZVxFvHg304el:WmYt/NMpucBb/v", "size": 76564, "sha512": "31cca6e4ec391eb14d1b391a47206f4c26b0605e55d5b8a24f28707ee4eb3e05dc68ba0edcdb9de231515ae873100cfad69b92e178459ee7ed09b7b96ea3b574", "md5": "e5255f2be5c1b97f94f2042695636808"}, "versioninfo": {}, "ssdeep": "1536:WmYqgjIksQMpE1fgRGcBZVxFvHg304el:WmYt/NMpucBb/v", "static_imports": {"count": 6, "SHELL32.dll": ["SHFileOperationA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["malloc"], "ADVAPI32.dll": ["RegCloseKey"], "WS2_32.dll": ["ntohs"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/e91452f836de1eecbd691db3d98bc7de.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "09d0478591d4f788cb3e5ea416c25237", "peid_signatures": null, "pe_filename": "e91452f836de1eecbd691db3d98bc7de", "pe_timestamp": "2012-03-02 02:48:21", "virus_type": "e91452f836de1eecbd691db3d98bc7de", "resource_attrs": {}, "section_attrs": {".text": 7.997276574156279, ".rsrc": 6.281533647472007}, "signature": [], "infos": {"sha1": "eb16f65b07c56bd62e3fa73aa7eab05c2710286c", "name": "e91452f836de1eecbd691db3d98bc7de", "type": "MS-DOS executable, MZ for MS-DOS", "sha256": "2d021f4735ed928ffd80b6e837b9fcb247726dce9aef304149bc0b73a05f2fa0", "crc32": "5F4ACDA5", "path": "./extract/e91452f836de1eecbd691db3d98bc7de", "ssdeep": "3072:rMvgGiPR0jrbBw0OzzBMWHEnpEuLPLIHtjG:rmg9p2rbi0OPB8y8PL", "size": 145408, "sha512": "e502f20312238582befbd63710b894c601b9b2e37d152cb7a8f1949b4b1d30903eefb8b19cb46d1435b7327b231486c3e6da491d99564e3e76d525554fe08188", "md5": "e91452f836de1eecbd691db3d98bc7de"}, "versioninfo": {"LegalCopyright": "hrpfgug", "InternalName": "test", "FileVersion": "7.04.0013", "CompanyName": "srtnknejjqrtpekha", "LegalTrademarks": "mhvddceorul", "Comments": "qcoqaentoithgsk", "ProductName": "qbcealrohvajvbhg", "ProductVersion": "7.04.0013", "FileDescription": "mocosqcaktiedhpvi", "Translation": "0x0409 0x04b0", "OriginalFilename": "test.exe"}, "ssdeep": "3072:rMvgGiPR0jrbBw0OzzBMWHEnpEuLPLIHtjG:rmg9p2rbi0OPB8y8PL", "static_imports": {"count": 1, "kernel32.dll": ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "VirtualFree"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/ead6ac271eb6869e965eb611f2bb5126.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "", "peid_signatures": null, "pe_filename": "ead6ac271eb6869e965eb611f2bb5126", "pe_timestamp": "2011-01-17 04:38:02", "virus_type": "ead6ac271eb6869e965eb611f2bb5126", "resource_attrs": {}, "section_attrs": {".text": 7.986244240709104, ".rsrc": 0.7529733300214349}, "signature": [], "infos": {"sha1": "abf0cd1db1a66c352722b9d70a10a92f2ad77b0b", "name": "ead6ac271eb6869e965eb611f2bb5126", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed", "sha256": "14727770a97cd7c301e84b86e2e7444a39604ee8f248e0ffcd89b781de98960a", "crc32": "342C6352", "path": "./extract/ead6ac271eb6869e965eb611f2bb5126", "ssdeep": "768:Kkq1UHIs/4TAuEnVc01/+Buis9zNGQAZJLA7q0SRK3SgUbcgJE:s1UHr/4Tmn6a/au/9EQoJG2vgNJ", "size": 124416, "sha512": "2156f34ac1bdf69e5599e27c0b1601c8f4ade03c73ebaa752d3aaec1cbc32e71bd051a33264c508be22080a5a296c5a867afa8f4bc6c9a3fac359a39f3471923", "md5": "ead6ac271eb6869e965eb611f2bb5126"}, "versioninfo": {"LegalCopyright": "DuISBBobBYlzh", "InternalName": "2", "FileVersion": "1.00", "CompanyName": "gcnr", "Comments": "bdmvqTkCQqka", "ProductName": "QIhwpZGJeGKZj", "ProductVersion": "1.00", "FileDescription": "koNCztLIfB", "Translation": "0x0409 0x04b0", "OriginalFilename": "2.exe"}, "ssdeep": "768:Kkq1UHIs/4TAuEnVc01/+Buis9zNGQAZJLA7q0SRK3SgUbcgJE:s1UHr/4Tmn6a/au/9EQoJG2vgNJ", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/ec93e2d6244192fc8f33374afc34a0de1aa3d2bc.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "ba9f425cec38966f75b77722e3a4c61f", "peid_signatures": ["ASProtect v1.23 RC1"], "pe_filename": "ec93e2d6244192fc8f33374afc34a0de1aa3d2bc", "pe_timestamp": "2009-01-12 19:31:14", "virus_type": "ec93e2d6244192fc8f33374afc34a0de1aa3d2bc", "resource_attrs": {}, "section_attrs": {".data": 7.828399620286939}, "signature": [], "infos": {"sha1": "ec93e2d6244192fc8f33374afc34a0de1aa3d2bc", "name": "ec93e2d6244192fc8f33374afc34a0de1aa3d2bc", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "f0b24e0cd0675f524aee7ea2be12a54f1dab4da5c92c869ff45e4fe42cac200b", "crc32": "C49B50C6", "path": "./extract/ec93e2d6244192fc8f33374afc34a0de1aa3d2bc", "ssdeep": "6144:Cb6J54j0Lsgap0KKOWr6wvP6bQ7yMP+DE827phd:CU4oH/UWr76b7MP+Dd2Fhd", "size": 212992, "sha512": "e9595d2dbefc7c2c357a6188e5bbcd8c09a39bd3192318c06883c77eacbd537bf32bcbb600f0e1829afde1d184fe9a5e1adac57e4fe1bf8d9840e6ced75763dc", "md5": "7337e00467552a355fb79cf68c5d2a7a"}, "versioninfo": {}, "ssdeep": "6144:Cb6J54j0Lsgap0KKOWr6wvP6bQ7yMP+DE827phd:CU4oH/UWr76b7MP+Dd2Fhd", "static_imports": {"count": 4, "kernel32.dll": ["RaiseException"], "ws2_32.dll": ["WSACleanup"], "oleaut32.dll": ["VariantChangeTypeEx"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/f2970e9cf91b6c3e3aa47ff060cd66e88751586f.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "", "peid_signatures": null, "pe_filename": "f2970e9cf91b6c3e3aa47ff060cd66e88751586f", "pe_timestamp": "1970-01-01 09:08:16", "virus_type": "f2970e9cf91b6c3e3aa47ff060cd66e88751586f", "resource_attrs": {}, "section_attrs": {".rsrc": 7.988161935800453}, "signature": [], "infos": {"sha1": "f2970e9cf91b6c3e3aa47ff060cd66e88751586f", "name": "f2970e9cf91b6c3e3aa47ff060cd66e88751586f", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "cf4c8c8f7c2d600344d6a921f57141199d09668dd6cf16efcbcc533ac655bca1", "crc32": "F8CAC4F7", "path": "./extract/f2970e9cf91b6c3e3aa47ff060cd66e88751586f", "ssdeep": "768:th0rMP2TBydaAVWWyXaMbsfd769sYuRjmcC5Y3K3nD4+LYSoDueHe6qKcWnCht:tWSOBydaAUWyXrEd70sK5Y6XD44oCOeF", "size": 44372, "sha512": "24720875fe3fcce40e5e0a614c66af6ed590f795d0d676591b84a86595678f37ad1fedf7cde93127e05448d123c13a556ee7c8c0978fbdea4c180d8cc3d94f4d", "md5": "816a9973dd1f8147114d54570f2194bc"}, "versioninfo": {}, "ssdeep": "768:th0rMP2TBydaAVWWyXaMbsfd769sYuRjmcC5Y3K3nD4+LYSoDueHe6qKcWnCht:tWSOBydaAUWyXrEd70sK5Y6XD44oCOeF", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/f2a44e1ce247d2596abead236a9d0d10.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL", "ENGLISH", "ENGLISH_US"], "pe_imphash": "7cbafe4718200b53ff07e1bf9c561ff2", "peid_signatures": null, "pe_filename": "f2a44e1ce247d2596abead236a9d0d10", "pe_timestamp": "1970-01-01 08:00:00", "virus_type": "f2a44e1ce247d2596abead236a9d0d10", "resource_attrs": {}, "section_attrs": {".sdata": 7.994488535412835, ".hhqg": 2.1632712457621173, ".text": 4.858189021604844, ".rsrc": 3.0759379289349065}, "signature": [], "infos": {"sha1": "0b924d726ea6cd7412a7cd708d5b82c6f9cc58e6", "name": "f2a44e1ce247d2596abead236a9d0d10", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "519db8519ce1aed41cc9764a9246f8a3e57268981ee7ff8b49dda4f8f242b376", "crc32": "6A194E85", "path": "./extract/f2a44e1ce247d2596abead236a9d0d10", "ssdeep": "1536:Ne5AakFmuH8d3pDfT9tdXVC8/o5ThgpAJmcxQWs952lGQgmI5XY6biHAjDAq0yDx:N5agmvJfdXVCkoJzG32cb+gPA5gyW", "size": 221184, "sha512": "a9b4822676773996f0ded75018716f1c335345d38178e0c12f5cd222bf721148bfb42d187c9e106606930d4cb4c78d39f4f3e848848db8998b070a53fc394540", "md5": "f2a44e1ce247d2596abead236a9d0d10"}, "versioninfo": {"InternalName": "Brontok.A", "FileVersion": "1.00.0004", "CompanyName": " ", "Comments": " ", "ProductName": "Brontok.A", "ProductVersion": "1.00.0004", "Translation": "0x0409 0x04b0", "OriginalFilename": "Brontok.A.HVM31"}, "ssdeep": "1536:Ne5AakFmuH8d3pDfT9tdXVC8/o5ThgpAJmcxQWs952lGQgmI5XY6biHAjDAq0yDx:N5agmvJfdXVCkoJzG32cb+gPA5gyW", "static_imports": {"count": 1, "MSVBVM60.DLL": ["MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall", "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/f36a82465bbc57ca246f0683bca4510e.json: -------------------------------------------------------------------------------- 1 | {"languages": ["FRENCH"], "pe_imphash": "8f0ec0619de01c95c28e20923c9155d0", "peid_signatures": null, "pe_filename": "f36a82465bbc57ca246f0683bca4510e", "pe_timestamp": "2003-10-31 00:39:15", "virus_type": "f36a82465bbc57ca246f0683bca4510e", "resource_attrs": {}, "section_attrs": {"UPX1": 7.879533595513504, ".DUPX1": 7.993538624117608, ".rsrc": 3.3866415091709783}, "signature": [], "infos": {"sha1": "5ae631e68acb929204af33ba69de1377fe69ad40", "name": "f36a82465bbc57ca246f0683bca4510e", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "56d50fd8303938f70c6757e45fdcbd1e48fc928ff3ed0f1b7c8fa609ed7cc748", "crc32": "AD30AC72", "path": "./extract/f36a82465bbc57ca246f0683bca4510e", "ssdeep": "6144:f1zE4ylZ40g0M8sviebzGU/UPTQGMJmiolB+I5:Efrgvxa6zPsbQGWlov++", "size": 202240, "sha512": "a15b3409d8e24a8dcca344cc7fada699344f5c46f07e2c301aeb25c0f40bfb2cd25862782de27d88d6177d528f6b49707da302292f9256bb7f5d4a7fead5f490", "md5": "f36a82465bbc57ca246f0683bca4510e"}, "versioninfo": {}, "ssdeep": "6144:f1zE4ylZ40g0M8sviebzGU/UPTQGMJmiolB+I5:Efrgvxa6zPsbQGWlov++", "static_imports": {"count": 5, "GDI32.dll": ["BitBlt"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "ExitProcess"], "OLEAUT32.dll": ["OleLoadPicture"], "ole32.dll": ["CreateStreamOnHGlobal"], "USER32.dll": ["GetDC"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US"], "pe_imphash": "", "peid_signatures": null, "pe_filename": "f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e", "pe_timestamp": "2015-01-11 19:51:28", "virus_type": "f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e", "resource_attrs": {}, "section_attrs": {".rsrc": 4.349487959621844, ".reloc": 3.7971477937514826, ".rdata": 4.5898227897788155, ".data": 5.277439496501717, ".pdata": 5.962516857315487, ".text": 6.226335426063885}, "signature": [], "infos": {"sha1": "f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e", "name": "f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e", "type": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows", "sha256": "7d8f933e7f3ef52085984cb27385facce88243951410fbc201c896b0d1adbc4b", "crc32": "C7274361", "path": "./extract/f6973673dea29b23bdfd6a3d91dd16c1a98f2e4e", "ssdeep": "6144:O9S8iPKc/27KjT/ZwnNBTVOTBBUy3wqqwkMsZR:M+Kc/XjT6jGAqqp", "size": 256752, "sha512": "b85954971b0020ec525561f6e5410dde5d6dd268ffc9139e99cd05cf1a9bca900f1e8088f8bf5ee598d74d8798fe1751a942fa411c2471d9313a65312b5e99c4", "md5": "7019dd8e27c7ebcdbba1cd1c840b07f4"}, "versioninfo": {"LegalCopyright": "TODO: (c) . All rights reserved.", "InternalName": "", "FileVersion": "4.0.0.3", "CompanyName": "TODO: ", "ProductName": "", "ProductVersion": "4.0.0.3", "FileDescription": "TODO: ", "Translation": "0x0409 0x04b0", "OriginalFilename": ""}, "ssdeep": "6144:O9S8iPKc/27KjT/ZwnNBTVOTBBUy3wqqwkMsZR:M+Kc/XjT6jGAqqp", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/fa0b1986a2367535cc4973064e789beab30a03cb.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "05a1e71ec1b63590b6b8ac66a4b33c41", "peid_signatures": null, "pe_filename": "fa0b1986a2367535cc4973064e789beab30a03cb.bin", "pe_timestamp": "2011-01-02 04:09:34", "virus_type": "fa0b1986a2367535cc4973064e789beab30a03cb", "resource_attrs": {}, "section_attrs": {"UPX2": 7.991642077064105, "UPX1": 7.876144980138554}, "signature": [], "infos": {"sha1": "fa0b1986a2367535cc4973064e789beab30a03cb", "name": "fa0b1986a2367535cc4973064e789beab30a03cb.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "9434581a0ed5aeb09bd7d6e25fb8089e00daa5f52825f7613523a9f1a1fa49e4", "crc32": "682157FC", "path": "./extract/fa0b1986a2367535cc4973064e789beab30a03cb.bin", "ssdeep": "1536:EYGKxlMviy0egpvArCK0IheMo5nIhvJ8bLtJwKHS+w4rLE/kPYYbSGQS3OiVdla7:PLFy0FpoGK0IGBtJX0P/k1Si3OiVdk7", "size": 100000, "sha512": "c0382123a1258998b4512e836a34338e7136fc05adf6b2ad1248a90db1bfca7575f9ee218f5d554aa7a2ed0a5959bd86bf2e67e87b87aba84a0074f209bd2b51", "md5": "4a286e354c01441fbe5313e959f653cf"}, "versioninfo": {}, "ssdeep": "1536:EYGKxlMviy0egpvArCK0IheMo5nIhvJ8bLtJwKHS+w4rLE/kPYYbSGQS3OiVdla7:PLFy0FpoGK0IGBtJX0P/k1Si3OiVdk7", "static_imports": {"count": 8, "iphlpapi.dll": ["GetAdaptersInfo"], "WININET.dll": ["FtpOpenFileA"], "SHELL32.dll": ["SHGetFolderPathA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess"], "MSVCRT.dll": ["memcpy"], "ADVAPI32.dll": ["CredFree"], "WS2_32.dll": ["WSAStartup"], "USER32.dll": ["wsprintfA"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/fa2b1ccb6e1c011a00584bab55220a63279518f3.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["SPANISH", "SPANISH_MODERN"], "pe_imphash": "9f2fc2f5f8b46c5fcd153c0ecf4f6b20", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "fa2b1ccb6e1c011a00584bab55220a63279518f3.bin", "pe_timestamp": "2009-06-13 06:19:01", "virus_type": "fa2b1ccb6e1c011a00584bab55220a63279518f3", "resource_attrs": {}, "section_attrs": {"DexCrypt": 4.349791896188176, ".bdata": 7.993382245945147, ".text": 5.01589851951408, ".rsrc": 1.103723122450693}, "signature": [], "infos": {"sha1": "fa2b1ccb6e1c011a00584bab55220a63279518f3", "name": "fa2b1ccb6e1c011a00584bab55220a63279518f3.bin", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "bc898147d2861f9b409ef964763c594c058d8d864620012907b36c697e12c0f6", "crc32": "E313DE00", "path": "./extract/fa2b1ccb6e1c011a00584bab55220a63279518f3.bin", "ssdeep": "6144:t3UrNVzOstdWgqUooOsWcvVt486ZHLjDg2Dgx7Vb6OCKzyp1Xiv539skJFt/jDY:tkZos/WgqUYt2tnwI6gVVb6LRp1X2lWj", "size": 389180, "sha512": "d82133a552bfb9b1df995bb0cae1b8fb6ef181be6b5805ca03d4929e7bf36d0f7bc12a45f3e93468242be78848293db2ea3830a41f4beb6740e5485dd6bce3fe", "md5": "ffae2e3783e71c5ffa78950b8931be9c"}, "versioninfo": {"InternalName": "Stub sin nod", "FileVersion": "1.00", "CompanyName": "mod", "ProductName": "mod", "ProductVersion": "1.00", "Translation": "0x0c0a 0x04b0", "OriginalFilename": "Stub sin nod.exe"}, "ssdeep": "6144:t3UrNVzOstdWgqUooOsWcvVt486ZHLjDg2Dgx7Vb6OCKzyp1Xiv539skJFt/jDY:tkZos/WgqUYt2tnwI6gVVb6LRp1X2lWj", "static_imports": {"count": 1, "MSVBVM60.DLL": ["DllFunctionCall", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/fb5fb4156c676cf0e906fc61142cd80174e8aaff.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "fb5fb4156c676cf0e906fc61142cd80174e8aaff", "pe_timestamp": "2011-10-23 01:36:28", "virus_type": "fb5fb4156c676cf0e906fc61142cd80174e8aaff", "resource_attrs": {}, "section_attrs": {".reloc": 0.10191042566270775, ".rsrc": 4.89973621874031, ".text": 5.713262995678032, ".sdata": 2.319853772772406}, "signature": [], "infos": {"sha1": "fb5fb4156c676cf0e906fc61142cd80174e8aaff", "name": "fb5fb4156c676cf0e906fc61142cd80174e8aaff", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "cb26812de0941e1ce1ce173e154464527cac1a0a08e2a656668cb9541ff4fe37", "crc32": "71F0A265", "path": "./extract/fb5fb4156c676cf0e906fc61142cd80174e8aaff", "ssdeep": "6144:uU3I2c40aaAx+6tSD5LPyT4sR2IGkWU3I2c48aaAx+6tSD5LPy:ueI28aaAHStLPydROeI2UaaAHStLPy", "size": 493568, "sha512": "5b85c5c39cee295d87d71a02b234c79c0a2ffbbd0a635b3b01dddd321737670b83ac716808310d3787ac60a98f3832820448327bf85448d48e82232465ae1013", "md5": "3222f726b752bea68ab4a0c55eaa5ffd"}, "versioninfo": {"LegalCopyright": "Copyright \\xa9 Exploiter Team 2011", "Assembly Version": "1.1.0.0", "InternalName": "shell booter.exe", "FileVersion": "1.0.0.0", "CompanyName": "Exploiter Team", "ProductName": "shell booter", "ProductVersion": "1.1.0.0", "FileDescription": "DDOS Tool", "Translation": "0x0000 0x04b0", "OriginalFilename": "shell booter.exe"}, "ssdeep": "6144:uU3I2c40aaAx+6tSD5LPyT4sR2IGkWU3I2c48aaAx+6tSD5LPy:ueI28aaAHStLPydROeI2UaaAHStLPy", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/fc934aa8379241d4a4c5abd700ead8c6b2500eee.bin.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "", "peid_signatures": ["MoleBox V2.3X -> MoleStudio.com"], "pe_filename": "fc934aa8379241d4a4c5abd700ead8c6b2500eee.bin", "pe_timestamp": "2007-12-28 22:11:35", "virus_type": "fc934aa8379241d4a4c5abd700ead8c6b2500eee", "resource_attrs": {}, "section_attrs": {".adata": 5.380198580399707, ".text": 7.665246416373268, ".rsrc": 4.817478738174982}, "signature": [], "infos": {"sha1": "fc934aa8379241d4a4c5abd700ead8c6b2500eee", "name": "fc934aa8379241d4a4c5abd700ead8c6b2500eee.bin", "type": "PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows", "sha256": "1b348c8f231c357f87961e8ffc2dc7b26bc8143f3b985bb6de77210aab33ef11", "crc32": "73C3584E", "path": "./extract/fc934aa8379241d4a4c5abd700ead8c6b2500eee.bin", "ssdeep": "6144:cMK5uvY7El1yE8Ymhj6kGNE21SFSU8zP:45ugUEYmqNh5UQ", "size": 237568, "sha512": "84f336ed524b05a03783e69188ae2eeb3f20af78a3d97bb03ebeb5de9fe2d7af8e3988b3e85a833ecd4948676b0f34857956b9adf2187205edf236084824e759", "md5": "af4e6053dbed7d13cad65818359ea427"}, "versioninfo": {}, "ssdeep": "6144:cMK5uvY7El1yE8Ymhj6kGNE21SFSU8zP:45ugUEYmqNh5UQ", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/fd12ce6384684c93750884d0180f36bfcdb669c0.json: -------------------------------------------------------------------------------- 1 | {"languages": ["CHINESE", "CHINESE_SIMPLIFIED", "NEUTRAL"], "pe_imphash": "", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "fd12ce6384684c93750884d0180f36bfcdb669c0", "pe_timestamp": "2014-11-01 20:59:40", "virus_type": "fd12ce6384684c93750884d0180f36bfcdb669c0", "resource_attrs": {}, "section_attrs": {"UPX1": 7.9254379918212825, ".rsrc": 7.409187836673602}, "signature": [], "infos": {"sha1": "fd12ce6384684c93750884d0180f36bfcdb669c0", "name": "fd12ce6384684c93750884d0180f36bfcdb669c0", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "d0280fadee3f0c2a517899b68f319f57c0cd89380dc87c09278b9ef8cf17e6ad", "crc32": "E802B653", "path": "./extract/fd12ce6384684c93750884d0180f36bfcdb669c0", "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1uod/tkXrVQQ:R2J50JCoZBrTZa+BrP1Db4QUod/2", "size": 340331, "sha512": "81a8d8d2d8bf8dd29b7e9c69bc6bb47ebb98b6c0460dd2e44d26251bccb2821ceeffc53a498b46bebacc01ad646d74c54464623762a35355790619ca8f935d23", "md5": "2efb98628771e1e98d61a771fbd69de4"}, "versioninfo": {}, "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1uod/tkXrVQQ:R2J50JCoZBrTZa+BrP1Db4QUod/2", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/ffa92a7806098f8a56df796dbd9235f203ed781f.json: -------------------------------------------------------------------------------- 1 | {"languages": ["ENGLISH", "ENGLISH_US", "NEUTRAL"], "pe_imphash": "f34d5f2d4577ed6d9ceec516c1f5a744", "peid_signatures": null, "pe_filename": "ffa92a7806098f8a56df796dbd9235f203ed781f", "pe_timestamp": "2015-06-16 06:28:27", "virus_type": "ffa92a7806098f8a56df796dbd9235f203ed781f", "resource_attrs": {}, "section_attrs": {".reloc": 0.08153941234324169, ".text": 6.493123943653071, ".rsrc": 4.656280796412679}, "signature": [], "infos": {"sha1": "ffa92a7806098f8a56df796dbd9235f203ed781f", "name": "ffa92a7806098f8a56df796dbd9235f203ed781f", "type": "PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows", "sha256": "704cab2f27063cb80d3b125d624ec88cad9ad0c3183694ec98e65c99c2707661", "crc32": "550F9D2C", "path": "./extract/ffa92a7806098f8a56df796dbd9235f203ed781f", "ssdeep": "1536:tkvCFurhRfkFOIwwwwwwwwBcJu4jnuQpMeFs:tkvCFurh5WOKcJJjusMeFs", "size": 63576, "sha512": "f9f65280a8895d62c95594939929cc1cf115712828ae9828ce88ac84976e24ff2564c28136fdc2ce73fb839bb4a380ee2fd2a85f1c4b1a4f4b38a4e7c3ca9165", "md5": "85fcb2ebd224e405c181dad61e6bb184"}, "versioninfo": {"LegalCopyright": "Copyright (C) 2015", "InternalName": "WordSurferAutoUpdateClient.exe", "FileVersion": "1.10.0.19", "CompanyName": "Word Surfer", "Comments": "Compiled: 2015-06-15T22:28:46Z. Configuration: Release", "ProductName": "Word Surfer AutoUpdate Client", "ProductVersion": "1.10.0.19", "FileDescription": "Word Surfer AutoUpdate Client", "Translation": "0x0409 0x04b0", "OriginalFilename": "WordSurferAutoUpdateClient.exe"}, "ssdeep": "1536:tkvCFurhRfkFOIwwwwwwwwBcJu4jnuQpMeFs:tkvCFurh5WOKcJJjusMeFs", "static_imports": {"count": 1, "mscoree.dll": ["_CorExeMain"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/ffae2e3783e71c5ffa78950b8931be9c.json: -------------------------------------------------------------------------------- 1 | {"languages": ["SPANISH", "SPANISH_MODERN"], "pe_imphash": "9f2fc2f5f8b46c5fcd153c0ecf4f6b20", "peid_signatures": ["RCryptor v1.5 (Private) --> Vaska"], "pe_filename": "ffae2e3783e71c5ffa78950b8931be9c", "pe_timestamp": "2009-06-13 06:19:01", "virus_type": "ffae2e3783e71c5ffa78950b8931be9c", "resource_attrs": {}, "section_attrs": {"DexCrypt": 4.349791896188176, ".bdata": 7.993382245945147, ".text": 5.01589851951408, ".rsrc": 1.103723122450693}, "signature": [], "infos": {"sha1": "fa2b1ccb6e1c011a00584bab55220a63279518f3", "name": "ffae2e3783e71c5ffa78950b8931be9c", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "bc898147d2861f9b409ef964763c594c058d8d864620012907b36c697e12c0f6", "crc32": "E313DE00", "path": "./extract/ffae2e3783e71c5ffa78950b8931be9c", "ssdeep": "6144:t3UrNVzOstdWgqUooOsWcvVt486ZHLjDg2Dgx7Vb6OCKzyp1Xiv539skJFt/jDY:tkZos/WgqUYt2tnwI6gVVb6LRp1X2lWj", "size": 389180, "sha512": "d82133a552bfb9b1df995bb0cae1b8fb6ef181be6b5805ca03d4929e7bf36d0f7bc12a45f3e93468242be78848293db2ea3830a41f4beb6740e5485dd6bce3fe", "md5": "ffae2e3783e71c5ffa78950b8931be9c"}, "versioninfo": {"InternalName": "Stub sin nod", "FileVersion": "1.00", "CompanyName": "mod", "ProductName": "mod", "ProductVersion": "1.00", "Translation": "0x0c0a 0x04b0", "OriginalFilename": "Stub sin nod.exe"}, "ssdeep": "6144:t3UrNVzOstdWgqUooOsWcvVt486ZHLjDg2Dgx7Vb6OCKzyp1Xiv539skJFt/jDY:tkZos/WgqUYt2tnwI6gVVb6LRp1X2lWj", "static_imports": {"count": 1, "MSVBVM60.DLL": ["DllFunctionCall", "__vbaExceptHandler", "ProcCallEngine"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/ffea304037a6b333a82404d5bf76ac6c2341cebd.json: -------------------------------------------------------------------------------- 1 | {"languages": ["CHINESE", "CHINESE_SIMPLIFIED", "NEUTRAL"], "pe_imphash": "", "peid_signatures": ["UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser"], "pe_filename": "ffea304037a6b333a82404d5bf76ac6c2341cebd", "pe_timestamp": "2014-11-01 20:59:40", "virus_type": "ffea304037a6b333a82404d5bf76ac6c2341cebd", "resource_attrs": {}, "section_attrs": {"UPX1": 7.9254379918212825, ".rsrc": 3.7615513702199097}, "signature": [], "infos": {"sha1": "ffea304037a6b333a82404d5bf76ac6c2341cebd", "name": "ffea304037a6b333a82404d5bf76ac6c2341cebd", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "06563c684ec302897ee8a14d874ea77b2abb17522f3ae7f2fdc71398cce64deb", "crc32": "627B4E7C", "path": "./extract/ffea304037a6b333a82404d5bf76ac6c2341cebd", "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1S:R2J50JCoZBrTZa+BrP1Db4QM", "size": 303464, "sha512": "5da31466876aab54d2153421b7c6619559202a7c62692743f02016f52e536c54603f9d121638edf20518f2313e157a0164ba0139e03a37268177bef04edeab6c", "md5": "49afb8fe7b375d0bc12e7b38948dbae5"}, "versioninfo": {}, "ssdeep": "6144:R2J50JNUoZyPOdFTpvaXdbkBrPCEbv3b4Q1S:R2J50JCoZBrTZa+BrP1Db4QM", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/ffec8e103106bf52d2e05768dd349c3f1280b021.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "", "peid_signatures": null, "pe_filename": "ffec8e103106bf52d2e05768dd349c3f1280b021", "pe_timestamp": "2006-08-08 01:50:55", "virus_type": "ffec8e103106bf52d2e05768dd349c3f1280b021", "resource_attrs": {}, "section_attrs": {"UPX1": 7.904182797673691}, "signature": [], "infos": {"sha1": "ffec8e103106bf52d2e05768dd349c3f1280b021", "name": "ffec8e103106bf52d2e05768dd349c3f1280b021", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "678111a041f2988d1265b412241556a443941381f0fe3ed6dd143fe9de7346f0", "crc32": "40C297E0", "path": "./extract/ffec8e103106bf52d2e05768dd349c3f1280b021", "ssdeep": "384:5OpuLIFMiwmWbz4BjdgdZQOcSLJnb/KFNYXDQ5o7iM0xHVoV77x0Vl/AsnxM7SgI:5GuLI+iwmWQB5gzQOcW1/fDQ5ou31+7I", "size": 22812, "sha512": "cde39c7d07e0ae56021890d365c79e1b4067952d4be8d31e24cd6362f60661ccdb4376ab0091375fdb184588a29591ddd66c63912be485425b2bc84aff6a4a41", "md5": "3a3c63c258111dae47ead4223f0de85c"}, "versioninfo": {}, "ssdeep": "384:5OpuLIFMiwmWbz4BjdgdZQOcSLJnb/KFNYXDQ5o7iM0xHVoV77x0Vl/AsnxM7SgI:5GuLI+iwmWQB5gzQOcW1/fDQ5ou31+7I", "static_imports": {"count": 0}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/kido.exe.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a2f0b47b927bd944f968265bfd81b949", "peid_signatures": null, "pe_filename": "kido.exe", "pe_timestamp": "2000-11-14 21:33:31", "virus_type": "kido", "resource_attrs": {}, "section_attrs": {"UPX2": 3.648771177017359, "UPX1": 7.799393160436165}, "signature": [], "infos": {"sha1": "c6681b210e720b9ba5ba3ddd189601b1faa2b531", "name": "kido.exe", "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "d8184a4d8a595347682edfb64abd12868f4149b6ec88ad7f65b38b9bf77a9b93", "crc32": "A4350146", "path": "./extract/kido.exe", "ssdeep": "3072:wfcDKhGzQzP/TowOoI4PV/SbETesZArfqrSZW6m0tZezIdDKHClK0T6p3C:wfgZ8zPboJUN/UsOrfqL6mGZsIdWHPAZ", "size": 161547, "sha512": "3fe07cd07f7820507581023719cd0e018bb5b4ca54b3db0b6144b6d316c964bab9da8119bad2478834aa1e0fdfa0313f8ffd5f7bcb9391e6a896ad619b9b1aa2", "md5": "515ea537628f3371fbac9a332854062d"}, "versioninfo": {}, "ssdeep": "3072:wfcDKhGzQzP/TowOoI4PV/SbETesZArfqrSZW6m0tZezIdDKHClK0T6p3C:wfgZ8zPboJUN/UsOrfqL6mGZsIdWHPAZ", "static_imports": {"count": 7, "GDI32.dll": ["GetROP2"], "SHELL32.dll": [], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree"], "MSVCRT.dll": ["free"], "ADVAPI32.dll": ["IsValidAcl"], "ole32.dll": ["CoFileTimeNow"], "USER32.dll": ["IsMenu"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/malware 2.exe.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "a2f0b47b927bd944f968265bfd81b949", "peid_signatures": null, "pe_filename": "malware 2.exe", "pe_timestamp": "2000-11-14 21:33:31", "virus_type": "malware 2", "resource_attrs": {}, "section_attrs": {"UPX2": 3.648771177017359, "UPX1": 7.799393160436165}, "signature": [], "infos": {"sha1": "c6681b210e720b9ba5ba3ddd189601b1faa2b531", "name": "malware 2.exe", "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "d8184a4d8a595347682edfb64abd12868f4149b6ec88ad7f65b38b9bf77a9b93", "crc32": "A4350146", "path": "./extract/malware 2.exe", "ssdeep": "3072:wfcDKhGzQzP/TowOoI4PV/SbETesZArfqrSZW6m0tZezIdDKHClK0T6p3C:wfgZ8zPboJUN/UsOrfqL6mGZsIdWHPAZ", "size": 161547, "sha512": "3fe07cd07f7820507581023719cd0e018bb5b4ca54b3db0b6144b6d316c964bab9da8119bad2478834aa1e0fdfa0313f8ffd5f7bcb9391e6a896ad619b9b1aa2", "md5": "515ea537628f3371fbac9a332854062d"}, "versioninfo": {}, "ssdeep": "3072:wfcDKhGzQzP/TowOoI4PV/SbETesZArfqrSZW6m0tZezIdDKHClK0T6p3C:wfgZ8zPboJUN/UsOrfqL6mGZsIdWHPAZ", "static_imports": {"count": 7, "GDI32.dll": ["GetROP2"], "SHELL32.dll": [], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree"], "MSVCRT.dll": ["free"], "ADVAPI32.dll": ["IsValidAcl"], "ole32.dll": ["CoFileTimeNow"], "USER32.dll": ["IsMenu"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/malware 5.exe.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "15de8329f19f7ff2f2fc70471d3c1315", "peid_signatures": null, "pe_filename": "malware 5.exe", "pe_timestamp": "2002-07-01 22:27:13", "virus_type": "malware 5", "resource_attrs": {}, "section_attrs": {"UPX2": 3.727593678382119, "UPX1": 7.797841391348301}, "signature": [], "infos": {"sha1": "db69f7769d151d42afec4a6467647e3f93066f4f", "name": "malware 5.exe", "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "ab386ce059a2dbe3f67afdc13454a123e31bcdfb5e83ab595c012480814c74db", "crc32": "4FDD5ADB", "path": "./extract/malware 5.exe", "ssdeep": "12288:Mp1C6h1ecYfwvEbkH9p0gvthdMkAJ9NMd2AZoWMGyu2q6aE5HOVt8J52EFLrSv5+:MpQ6tYIE69tqWVtglJ", "size": 2276663, "sha512": "7c96bee08f3157f8350ae9abf0dc2899d641c5abc126d9383daae8b32f71b3945351d4668742bcdf1c23659f854b5d404daf8fa8b81b4ef3f494ecffef07134c", "md5": "794ceeb7fb0ae10edba096b5ad960e3c"}, "versioninfo": {}, "ssdeep": "12288:Mp1C6h1ecYfwvEbkH9p0gvthdMkAJ9NMd2AZoWMGyu2q6aE5HOVt8J52EFLrSv5+:MpQ6tYIE69tqWVtglJ", "static_imports": {"count": 7, "GDI32.dll": ["GetPixel"], "SHELL32.dll": [], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree"], "MSVCRT.dll": ["free"], "ADVAPI32.dll": ["RevertToSelf"], "ole32.dll": ["CoGetCurrentProcess"], "USER32.dll": ["IsChild"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/malware 6.exe.json: -------------------------------------------------------------------------------- 1 | {"languages": [], "pe_imphash": "7118baeb2c641a09d75b50661cbd752f", "peid_signatures": null, "pe_filename": "malware 6.exe", "pe_timestamp": "2003-09-19 20:23:23", "virus_type": "malware 6", "resource_attrs": {}, "section_attrs": {"UPX2": 3.8668288652339053, "UPX1": 7.793221981086871}, "signature": [], "infos": {"sha1": "76ed24db9cbdacbd44ad64a715d3a80318d10084", "name": "malware 6.exe", "type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "58b257f6e3fc6fa6f9f96d595b7b39e95272d811e84316d20511456fda46886d", "crc32": "3F78EB68", "path": "./extract/malware 6.exe", "ssdeep": "3072:2ucB4jZfsgXy8DyfKF0xI8PMTH1eD7xVM9E7qV4rff:FfZi9IiD7xVdGirH", "size": 160535, "sha512": "270796e72ee6937f6d2c39f3eb1c940eabe2362f969edc4da1255e4bd4395542acaa4839f32ece2085e590363497bc6b3cde9604c06251fa0cff77bd7a4a28da", "md5": "3e7572be23c0b7e291c43fed9bf9afea"}, "versioninfo": {}, "ssdeep": "3072:2ucB4jZfsgXy8DyfKF0xI8PMTH1eD7xVM9E7qV4rff:FfZi9IiD7xVdGirH", "static_imports": {"count": 7, "GDI32.dll": ["GetROP2"], "SHELL32.dll": [], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree"], "MSVCRT.dll": ["div"], "ADVAPI32.dll": ["InitializeSecurityDescriptor"], "ole32.dll": ["CoGetCurrentProcess"], "USER32.dll": ["GetDC"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/virussign.com_f167f4f474a8b8ece3671d97f11515c8.exe.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "e2be4f6f05d0c31935bc07968650d9a2", "peid_signatures": null, "pe_filename": "virussign.com_f167f4f474a8b8ece3671d97f11515c8.exe", "pe_timestamp": "2011-05-09 14:22:13", "virus_type": "virussign", "resource_attrs": {}, "section_attrs": {".data1": 1.5576365522745097, ".brdata": 7.904387657574341, ".rsrc": 7.527300280070368, ".rdata": 2.5652815652382057, ".data": 5.467472608442209, ".text": 6.100985305796579}, "signature": [], "infos": {"sha1": "931110f17bf351bc883b4f1219d7fd043ec82b05", "name": "virussign.com_f167f4f474a8b8ece3671d97f11515c8.exe", "type": "PE32 executable (GUI) Intel 80386, for MS Windows", "sha256": "ee3b10ec2e626f90900656f48d420dfafa23ea7efe2413902d350cee6799e103", "crc32": "8FBB62C1", "path": "./extract/virussign.com_f167f4f474a8b8ece3671d97f11515c8.exe", "ssdeep": "12288:baOKJ8/oiaz9sOAhuQBQcpYaS8f7gduOn07cg3a:iKAephdZz1+uy0ggq", "size": 501362, "sha512": "6b39bad2b929b9bf909e895509d99ecda33a02d21adf3061e0923f585b2cdf5cf2918051acde428a25655fd43aad3fe5e0f7da762adbb7934e17f598428b268f", "md5": "f167f4f474a8b8ece3671d97f11515c8"}, "versioninfo": {}, "ssdeep": "12288:baOKJ8/oiaz9sOAhuQBQcpYaS8f7gduOn07cg3a:iKAephdZz1+uy0ggq", "static_imports": {"count": 1, "KERNEL32.dll": ["CreateToolhelp32Snapshot", "Process32First", "Process32Next", "HeapAlloc", "HeapFree", "GetModuleHandleA", "GetStartupInfoA", "GetCommandLineA", "ExitProcess", "GetProcessHeap", "RtlUnwind", "VirtualQuery", "TerminateProcess", "GetCurrentProcess", "UnhandledExceptionFilter", "SetUnhandledExceptionFilter", "IsDebuggerPresent"]}} -------------------------------------------------------------------------------- /graph theory&&Threat Intelligence/data/virussign.com_f8257f26a497a33b2b4483d7dc27c310.exe.json: -------------------------------------------------------------------------------- 1 | {"languages": ["NEUTRAL"], "pe_imphash": "f5e3a89d0f3ed1b4e0156eaa149958ce", "peid_signatures": ["RCryptor 1.6c -> Vaska"], "pe_filename": "virussign.com_f8257f26a497a33b2b4483d7dc27c310.exe", "pe_timestamp": "1992-06-20 06:22:17", "virus_type": "virussign", "resource_attrs": {}, "section_attrs": {".RUPX1": 7.992215289036315, "RCryptor": 1.7877618178712287, "UPX1": 7.759258052029982, ".rsrc": 5.573236746107811}, "signature": [], "infos": {"sha1": "a587aedff17fe9dd75109076f9c0cfb63fbebace", "name": "virussign.com_f8257f26a497a33b2b4483d7dc27c310.exe", "type": "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed", "sha256": "38d520fdef8c89c27f38e94a2caf8a0b954d7e96bad2fada43a011b0ac368cf1", "crc32": "1EC6B17D", "path": "./extract/virussign.com_f8257f26a497a33b2b4483d7dc27c310.exe", "ssdeep": "6144:xdBWD7bJuZ7SoO5wIdjUEBqVAiG1QX5edoXKCjMgLiUsx:x3WDgEoDIdOCiG2ZKCogWUsx", "size": 343637, "sha512": "fa9a1dabb3903798ff9c45c8437c0d9c87c2b493d424ec3a5e37d32b3499c93371f7150e20a5e0f0451063085c2e0247f907026603e66b7e7af1ab70d155a383", "md5": "f8257f26a497a33b2b4483d7dc27c310"}, "versioninfo": {}, "ssdeep": "6144:xdBWD7bJuZ7SoO5wIdjUEBqVAiG1QX5edoXKCjMgLiUsx:x3WDgEoDIdOCiG2ZKCogWUsx", "static_imports": {"count": 9, "crypt32.dll": ["CryptUnprotectData"], "pstorec.dll": ["PStoreCreateInstance"], "shell32.dll": ["SHGetSpecialFolderPathA"], "KERNEL32.DLL": ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc", "VirtualFree", "ExitProcess"], "rasapi32.dll": ["RasEnumEntriesA"], "oleaut32.dll": ["SysFreeString"], "advapi32.dll": ["LsaClose"], "ole32.dll": ["OleInitialize"], "user32.dll": ["ToAscii"]}} -------------------------------------------------------------------------------- /linux malware detect/README.md: -------------------------------------------------------------------------------- 1 | http://www.freebuf.com/articles/system/149827.html 2 | -------------------------------------------------------------------------------- /linux malware detect/bashd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/GeekOnlineCode/Code/d93c49c1a3a7d4d2b88f2bf91d642631543040db/linux malware detect/bashd --------------------------------------------------------------------------------