{
"virustotal": {
"apikey": ""
},
"fuzzing": {
"String too long": "[A-Za-z0-9+/]{80,}",
"Possible encoded string": "(\\\\x[abcdef][abcdef|0-9]){3,}",
"Possible connections": ".*(curl|wget).*"
},
"mutex": [
"CreateMutexA",
"OpenMutex",
"ReleaseMutex",
"WaitForSingleObject"
],
"antidbg": [
"CheckRemoteDebugger",
"DebugActiveProcess",
"FindWindow",
"GetLastError",
"GetWindowThreadProcessId",
"IsDebugged",
"IsDebuggerPresent",
"IsProcessorFeaturePresent",
"NtCreateThreadEx",
"NtGlobalFlags",
"NtSetInformationThread",
"OutputDebugString",
"pbIsPresent",
"Process32First",
"Process32Next",
"RaiseException",
"TerminateProcess",
"ThreadHideFromDebugger",
"UnhandledExceptionFilter",
"ZwQueryInformation"
],
"apialert": [
"accept",
"AddCredentials",
"bind",
"CertDeleteCertificateFromStore",
"CheckRemoteDebuggerPresent",
"CloseHandle",
"closesocket",
"connect",
"ConnectNamedPipe",
"CopyFile",
"CreateFile",
"CreateMutex",
"CreateProcess",
"CreateToolhelp32Snapshot",
"CreateFileMapping",
"CreateRemoteThread",
"CreateDirectory",
"CreateService",
"CreateThread",
"CryptEncrypt",
"DeleteCriticalSection",
"DeleteFile",
"DeviceIoControl",
"DisconnectNamedPipe",
"DNSQuery",
"EnumProcesses",
"ExitProcess",
"ExitThread",
"FindWindow",
"FindResource",
"FindFirstFile",
"FindNextFile",
"FltRegisterFilter",
"FtpGetFile",
"FtpOpenFile",
"GetCommandLine",
"GetComputerName",
"GetCommandLineA",
"GetCurrentProcess",
"GetThreadContext",
"GetDriveType",
"GetFileSize",
"GetFileAttributes",
"GetHostByAddr",
"GetHostByName",
"GetHostName",
"GetModuleHandle",
"GetModuleFileName",
"GetProcAddress",
"GetStartupInfo",
"GetSystemDirectory",
"GetTempFileName",
"GetTempPath",
"GetTickCount",
"GetUpdateRect",
"GetUpdateRgn",
"GetUserNameA",
"GetUrlCacheEntryInfo",
"GetVersionEx",
"GetWindowsDirectory",
"GetWindowThreadProcessId",
"HeapAlloc",
"HttpSendRequest",
"HttpQueryInfo",
"IcmpSendEcho",
"IsBadReadPtr",
"IsBadWritePtr",
"IsDebuggerPresent",
"InitializeCriticalSectionAndSpinCount",
"InternetCloseHandle",
"InternetConnect",
"InternetCrackUrl",
"InternetQueryDataAvailable",
"InternetGetConnectedState",
"InternetOpen",
"InternetQueryDataAvailable",
"InternetQueryOption",
"InternetReadFile",
"InternetWriteFile",
"LdrLoadDll",
"LoadLibrary",
"LoadLibraryA",
"LockResource",
"listen",
"lstrcmp",
"MapViewOfFile",
"MessageBox",
"OutputDebugString",
"OpenFileMapping",
"OpenMutex",
"OpenProcess",
"Process32First",
"Process32Next",
"recv",
"ReadFile",
"ReadProcessMemory",
"RegCloseKey",
"RegCreateKey",
"RegDeleteKey",
"RegDeleteValue",
"RegEnumKey",
"RegOpenKey",
"ReleaseMutex",
"RemoveDirectory",
"send",
"sendto",
"SetFilePointer",
"SetKeyboardState",
"SetWindowsHook",
"ShellExecute",
"Sleep",
"socket",
"StartService",
"TerminateProcess",
"UnhandledExceptionFilter",
"URLDownload",
"VirtualAlloc",
"VirtualFree",
"VirtualProtect",
"WaitForSingleObject",
"WinExec",
"WriteProcessMemory",
"WriteFile",
"WSASend",
"WSASocket",
"WSAStartup",
"ZwQueryInformation"
],
"filetype": {
"Video":".3gp",
"Compressed":".7z",
"Package":".apk",
"Video":".asf",
"Web Page":".asp",
"Web Page":".aspx",
"Video":".asx",
"Video":".avi",
"Backup":".bak",
"Binary":".bin",
"Image":".bmp",
"Cabinet":".cab",
"Data":".dat",
"Database":".db",
"Word":".doc",
"Word":".docx",
"Library":".dll",
"Autocad":".dwg",
"Executable":".exe",
"Email":".eml",
"Video":".flv",
"FTP Config":".ftp",
"Image":".gif",
"Compressed":".gz",
"Web Page":".htm",
"Web Page":".html",
"Disc Image":".iso",
"Log":".log",
"Archive Java":".jar",
"Image":".jpg",
"Image":".jepg",
"Linker File":".lnk",
"Audio":".mp3",
"Video":".mp4",
"Video":".mpg",
"Video":".mpeg",
"Video":".mov",
"Installer":".msi",
"Object":".oca",
"Object":".ocx",
"Autogen":".olb",
"Backup":".old",
"Registry":".reg",
"Portable":".pdf",
"Web Page":".php",
"Image":".png",
"Slideshow":".pps",
"Presentation":".ppt",
"Image":".psd",
"Email":".pst",
"Document":".pub",
"Compressed":".rar",
"Text":".rtf",
"Executable": ".scr",
"Executable": ".so",
"Query DB":".sql",
"Adobe Flash":".swf",
"Image":".tif",
"Temporary":".tmp",
"Text":".txt",
"Compressed":".tgz",
"Audio":".wav",
"Audio":".wma",
"Video":".wmv",
"Excel":".xls",
"Excel":".xlsx",
"XML":".xml",
"Compressed":".zip"
}
}