Static | ZeroBOX

PE Compile Time

2021-04-21 21:11:18

PE Imphash

fe54aa4914f46efb2484d8839e21efc3

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0000d07c    0x0000d200        5.62201804869
.rdata  0x0000f000       0x0000026e    0x00000400        2.69630668732
.data   0x00010000       0x0006a848    0x0006aa00        5.45512147441
.reloc  0x0007b000       0x000000d4    0x00000200        2.55072697385

Imports

Library SHLWAPI.dll:
0x1000f010 wnsprintfA
Library KERNEL32.dll:
0x1000f000 CloseHandle
0x1000f004 CreateFileA
0x1000f008 WriteFile
Library USER32.dll:
0x1000f018 GetClientRect
0x1000f01c GetClassNameA
0x1000f020 GetWindowTextA

Exports

Ordinal  Address     Name
1        0x10003bbd  StartW
Antivirus Signature
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee Clean
Cylance Clean
VIPRE Clean
AegisLab Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Zoner Clean
TrendMicro-HouseCall Clean
Avast Win32:BankerX-gen [Trj]
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
FireEye Clean
Emsisoft Clean
SentinelOne Clean
GData Win32.Trojan-Spy.TrickBot.HUQH4B
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Program:Win32/Wacapew.C!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes Clean
Panda Clean
APEX Malicious
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet PossibleThreat.PALLAS.H
AVG Win32:BankerX-gen [Trj]
Paloalto Clean
MaxSecure Clean
No IRMA results available.