Static | ZeroBOX

PE Compile Time

2021-04-13 05:23:02

PE Imphash

a2c24e505877f49196365f7e8c56857e

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.code   0x00001000       0x00000184    0x00000200        4.43332270822
.data   0x00002000       0x0000017c    0x00000200        2.99479435646
.idata  0x00003000       0x00000448    0x00000600        3.66676377433
.rsrc   0x00004000       0x000001e0    0x00000200        4.7085533373
.reloc  0x00005000       0x0000004c    0x00000200        1.13792973268

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00004060  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x10003000 CreateFileW
0x10003004 GetFileSize
0x10003008 ReadFile
0x1000300c GetTempPathW
0x10003010 IsDebuggerPresent
0x10003014 DebugBreak
0x10003018 HeapCreate
0x1000301c HeapAlloc
0x10003020 VirtualProtect
0x10003024 lstrcatW
Library rtutils.dll:
0x10003074 TracePutsExA
0x10003078 LogEventA
0x1000307c TracePrintfExW
0x10003080 TraceGetConsoleA
0x10003084 RouterLogDeregisterW
Library pdh.dll:
0x10003060 PdhValidatePathW
0x10003064 PdhSelectDataSourceA
0x10003068 PdhGetCounterTimeBase
0x1000306c PdhCloseLog
Library urlmon.dll:
0x10003090 FindMimeFromData
0x10003094 GetClassFileOrMime
0x10003098 CopyBindInfo
Library MSACM32.dll:
0x1000302c acmDriverMessage
0x10003030 acmMetrics
0x10003034 acmFormatEnumA
0x10003038 acmDriverID
0x1000303c acmFormatEnumW
Library ODBC32.dll:
0x10003044 None
0x10003048 None
0x1000304c None
Library SHELL32.dll:
0x10003054 SHGetFileInfoA
0x10003058 ExtractAssociatedIconW

Exports

Ordinal  Address     Name
1        0x10001000  Rcxlxosdkhvclf
Antivirus Signature
Bkav Clean
Elastic Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Clean
CrowdStrike Clean
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Gen:NN.ZedlaF.34670.au4@a8OIs8mi
Cyren W32/Injector.AGZ.gen!Eldorado
Symantec Clean
ESET-NOD32 a variant of Win32/Injector.EPCK
Baidu Clean
APEX Clean
Avast Clean
Cynet Malicious (score: 100)
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Trojan.FormBook!8.F858 (CLOUD)
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Troj/Kryptik-VJ
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/FormBook.PK!MTB
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!38B02C707606
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/Injector.EPAI!tr
Paloalto Clean
Qihoo-360 Clean
No IRMA results available.