Static | ZeroBOX

PE Compile Time

2021-04-05 19:31:42

PE Imphash

28b031d0558b8e7db218ee60c7804970

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0002d23d 0x0002d400 6.53566129927
.rdata 0x0002f000 0x000003fc 0x00000400 4.80060729236
.data 0x00030000 0x00004058 0x00004200 5.36136025879
.pdata 0x00035000 0x000000c0 0x00000200 2.11497191665
.ndata 0x00036000 0x00004fff 0x00005000 4.85624907844

Imports

Library KERNEL32.dll:
0x18002f000 GetCurrentProcessId
0x18002f008 GetCurrentThreadId
Library USER32.dll:
0x18002f018 MessageBoxA

Exports

Ordinal Address Name
1 0x180001000 ?GetDuy@@YAHXZ
2 0x180001000 ?tmory@@YAHXZ
3 0x1800013d6 DllRegisterServer
4 0x18000b13e PluginInit

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.ndata
AWAVVWUSH
0[]_^A^A_
AWAVAUATVWUSH
h[]_^A\A]A^A_
AWAVAUATVWUSH
+L$ +L$
+L$ +L$
+L$ +L$
+T$ +T$
+T$ +T$
+L$ +L$
h[]_^A\A]A^A_
AWAVAUATVWUSH
|$`+|$$+|$$
|$`+|$$+|$$
|$`+|$$+|$$
|$`+|$$+|$$
|$`+|$$+|$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
jt{=VN
D$`+D$$+D$$
jt{=VN
D$`+D$$+D$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
jt{=VN
D$`+D$$+D$$
+l$$+l$$
+L$$+L$$
jt{=VN
D$`+D$$+D$$
+l$$+l$$
+L$$+L$$
+L$$+L$$
jt{=VN
D$`+D$$+D$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+l$$+l$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
+L$$+L$$
jt{=VN
D$`+D$$+D$$
+L$$+L$$
+T$$+T$$
jt{=VN
D$`+D$$+D$$
+L$$+L$$
[]_^A\A]A^A_
AWAVATVWSH
X[_^A\A^A_
AWAVAUATVWUSH
+L$(+L$(
+L$(+L$(
+L$(+L$(
Atx=k^
+L$(+L$(
Atx=k^
+L$(+L$(
Atx=k^
+L$(+L$(
+L$(+L$(
+L$(+L$(
+T$(+T$(
Atx=k^
Atx=k^
+L$(+L$(
+|$(+|$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
Atx=k^
+L$(+L$(
Atx=k^
+L$(+L$(
+L$(+L$(
+L$(+L$(
+T$(+T$(
+L$(+L$(
+L$(+L$(
Atx=k^
+L$(+L$(
+T$(+T$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
D$xLc@<H
+|$(+|$(
Atx=k^
+L$(+L$(
Atx=k^
+L$(+L$(
+D$(+D$(
+|$(+|$(
+|$(+|$(
+T$(+T$(
+T$(+T$(
+|$(+|$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
[]_^A\A]A^A_
AWAVAUATVWUSH
+4$+4$
+4$+4$
@[]_^A\A]A^A_
AWAVAUATVWUSH
+T$0+T$0
|$d=/t
+D$0+D$0
+L$0+L$0
+D$0+D$0
+L$0+L$0
+L$0+L$0
+D$0+D$0
+L$0+L$0
+L$0+L$0
+L$0+L$0
[]_^A\A]A^A_
AWAVAUATVWUSH
+D$ +D$
+D$ +D$
+T$ +T$
+D$ +D$
+D$ +D$
+D$ +D$
+T$ +T$
+T$ +T$
+D$ +D$
+D$ +D$
+T$ +T$
+T$ +T$
+D$ +D$
+T$ +T$
+T$ +T$
+T$ +T$
+D$ +D$
+D$ +D$
+D$ +D$
+T$ +T$
+T$ +T$
+D$ +D$
+D$ +D$
+T$ +T$
+D$ +D$
+T$ +T$
[]_^A\A]A^A_
AWAVAUATVWUSH
+4$+4$
+4$+4$
+4$+4$
+<$+<$
+<$+<$
+4$+4$
+<$+<$
+4$+4$
t$0;t$4
t$0;t$4
H[]_^A\A]A^A_
AWAVAUATVWUSH
+L$ +L$
L$`HcA<H
+t$ +t$
+L$ +L$
+t$ +t$
+L$ +L$
+L$ +L$
+L$ +L$
+T$ +T$
+L$ +L$
+L$ +L$
+L$ +L$
+L$ +L$
+L$ +L$
+L$ +L$
+L$ +L$
+L$ +L$
+T$ +T$
+T$ +T$
+L$ +L$
+L$ +L$
+L$ +L$
+T$ +T$
+L$ +L$
+T$ +T$
+L$ +L$
+T$ +T$
+T$ +T$
+T$ +T$
+L$ +L$
+T$ +T$
+T$ +T$
+D$ +D$
+L$ +L$
+L$ +L$
+L$ +L$
[]_^A\A]A^A_
AWAVAUATVWUSH
D$`+D$(+D$(
D$`+D$(+D$(
D$`+D$(+D$(
D$`+D$(+D$(
D$`+D$(+D$(
+D$(+D$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+L$(+L$(
+D$(+D$(
+D$(+D$(
+D$(+D$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+D$(+D$(
+L$(+L$(
+D$(+D$(
+T$(+T$(
+l$(+l$(
+L$(+L$(
+L$(+L$(
+l$(+l$(
+L$(+L$(
[]_^A\A]A^A_
AWAVAUATVWUSH
QWt{=s
QWt|=s
T$@Lcb<I
QWt|=s
P[]_^A\A]A^A_
AWAVAUATVWUSH
[]_^A\A]A^A_
AWAVAUATVWUSH
+D$(+D$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+|$(+|$(
x[]_^A\A]A^A_
AWAVAUATVWUSH
QWt}=s
+D$(+D$(
QWt}=s
+D$(+D$(
+\$(+\$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+D$(+D$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+T$(+T$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+D$(+D$(
+D$(+D$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+D$(+D$(
+L$(+L$(
+D$(+D$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+T$(+T$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+L$(+L$(
+D$(+D$(
+L$(+L$(
+D$(+D$(
[]_^A\A]A^A_
.idata$5
.rdata
.rdata$zzzdbg
.xdata
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.pdata
.ndata
cr1.dll
?GetDuy@@YAHXZ
?tmory@@YAHXZ
DllRegisterServer
PluginInit
GetCurrentThreadId
GetCurrentProcessId
KERNEL32.dll
MessageBoxA
USER32.dll
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Clean
VIPRE Clean
AegisLab Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Avast FileRepMalware
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win64.Ardurk.dh
CMC Clean
Emsisoft Clean
SentinelOne Clean
Jiangmin Clean
MaxSecure Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/IcedID.GG!MTB
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Clean
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Clean
Webroot Clean
AVG FileRepMalware
Paloalto Clean
Qihoo-360 Clean
No IRMA results available.