Static | ZeroBOX

PE Compile Time

2020-04-02 11:55:54

PE Imphash

432fa5211ef0f96934979b9062f09f53

Sections

Name      Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text     0x00001000       0x0006d81d    0x0006da00        7.84604202246
.data     0x0006f000       0x005d4818    0x00001a00        3.03640423547
.mudavav  0x00644000       0x00000179    0x00000200        0.0
.tls      0x00645000       0x00000009    0x00000200        0.0
.new      0x00646000       0x000040d7    0x00004200        5.33614952159
.rsrc     0x0064b000       0x00001978    0x00001a00        5.84487176952
.reloc    0x0064d000       0x0000555a    0x00005600        2.53770853696

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x0064b130  0x000010a8  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_STRING      0x0064c3b0  0x000005c4  LANG_LATVIAN  SUBLANG_DEFAULT     data
RT_GROUP_ICON  0x0064c1d8  0x00000014  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_VERSION     0x0064c1f0  0x000001bc  LANG_NEUTRAL  SUBLANG_NEUTRAL     data

Imports

Library KERNEL32.dll:
0xa46008 FreeLibrary
0xa4600c LoadLibraryExW
0xa46014 GetConsoleAliasA
0xa46018 GetModuleHandleExW
0xa4601c GetTimeFormatA
0xa46020 ConnectNamedPipe
0xa46024 GetTickCount
0xa4602c GlobalAlloc
0xa46030 TerminateThread
0xa46034 GetLocaleInfoW
0xa4603c GetFileAttributesA
0xa46044 FindResourceW
0xa4604c GetAtomNameW
0xa46050 lstrcatA
0xa46054 RaiseException
0xa46058 GetLastError
0xa4605c GetProcAddress
0xa46060 OpenWaitableTimerA
0xa46064 SetConsoleOutputCP
0xa46068 FindAtomA
0xa4606c GlobalFindAtomW
0xa46070 GetModuleHandleA
0xa46074 GetFileTime
0xa4607c GetCurrentProcessId
0xa46080 GetFileAttributesW
0xa46084 MapViewOfFile
0xa46088 GetModuleHandleW
0xa4608c Sleep
0xa46090 ExitProcess
0xa46094 GetCommandLineA
0xa46098 GetStartupInfoA
0xa4609c RtlUnwind
0xa460a0 TerminateProcess
0xa460a4 GetCurrentProcess
0xa460b0 IsDebuggerPresent
0xa460b4 HeapAlloc
0xa460b8 HeapFree
0xa460bc TlsGetValue
0xa460c0 TlsAlloc
0xa460c4 TlsSetValue
0xa460c8 TlsFree
0xa460cc SetLastError
0xa460d0 GetCurrentThreadId
0xa460d8 GetCurrentThread
0xa460dc WriteFile
0xa460e0 GetStdHandle
0xa460e4 GetModuleFileNameA
0xa460f0 FatalAppExitA
0xa460fc InterlockedExchange
0xa46100 LoadLibraryA
0xa46114 WideCharToMultiByte
0xa4611c SetHandleCount
0xa46120 GetFileType
0xa46124 HeapCreate
0xa46128 HeapDestroy
0xa4612c VirtualFree
0xa46138 VirtualAlloc
0xa4613c HeapReAlloc
0xa46140 GetCPInfo
0xa46144 GetACP
0xa46148 GetOEMCP
0xa4614c IsValidCodePage
0xa46150 HeapSize
0xa46154 GetLocaleInfoA
0xa46158 GetDateFormatA
0xa4615c GetUserDefaultLCID
0xa46160 EnumSystemLocalesA
0xa46164 IsValidLocale
0xa46168 GetStringTypeA
0xa4616c MultiByteToWideChar
0xa46170 GetStringTypeW
0xa46174 LCMapStringA
0xa46178 LCMapStringW
0xa46180 CompareStringA
0xa46184 CompareStringW
Library ADVAPI32.dll:
0xa46000 RegCreateKeyW

Exports

Ordinal Address Name
1 0x4683cc Linear
!This program cannot be run in DOS mode.
.?AVinvalid_argument@std@@
.?AVout_of_range@std@@
.?AVbad_cast@std@@
.?AVbad_typeid@std@@
.?AV__non_rtti_object@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVbad_alloc@std@@
string too long
invalid string position
invalid string argument
Unknown exception
CorExitProcess
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
SystemFunction036
ADVAPI32.DLL
bad exception
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
{flat}
`non-type-template-parameter
unsigned
short
<ellipsis>
,<ellipsis>
throw(
`template-parameter
cli::pin_ptr<
cli::array<
`anonymous namespace'
generic-type-
template-parameter-
`unknown ecsu'
union
struct
class
coclass
cointerface
extern "C"
[thunk]:
public:
protected:
private:
virtual
static
`template static data member destructor helper'
`template static data member constructor helper'
`local static destructor helper'
`adjustor{
`vtordisp{
`vtordispex{
const
volatile
volatile
volatile
signed
double
UNKNOWN
__int128
wchar_t
__int64
__int16
__int32
__int8
__w64
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
britain
america
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
bad allocation
kernel32.dll
VirtualProtect
vector<T> too long
GAIsProcessorFeaturePresent
KERNEL32
_nextafter
_hypot
1#QNAN
1#SNAN
MapViewOfFile
FindResourceW
FreeLibrary
LoadLibraryExW
InterlockedIncrement
GetConsoleAliasA
GetModuleHandleExW
GetTimeFormatA
ConnectNamedPipe
GetTickCount
TzSpecificLocalTimeToSystemTime
GlobalAlloc
TerminateThread
GetLocaleInfoW
GetSystemTimeAdjustment
GetFileAttributesA
SetConsoleCursorPosition
GetFileAttributesW
SetTimeZoneInformation
GetAtomNameW
lstrcatA
RaiseException
GetLastError
GetProcAddress
OpenWaitableTimerA
SetConsoleOutputCP
FindAtomA
GlobalFindAtomW
GetModuleHandleA
GetFileTime
FileTimeToLocalFileTime
GetCurrentProcessId
KERNEL32.dll
RegCreateKeyW
ADVAPI32.dll
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
hedokiway.exe
Linear
mscoree.dll
KERNEL32.DLL
VS_VERSION_INFO
StringFileInfo
040904E4
FileVersions
7.0.2.54
ProductVersion
7.0.21.21
InternalNames
galimatimot
LegalCopyrights
Wsekde
VarFileInfo
Translations
VFeri saxovejodecemeb duvi sahece siyeveyayez wolabic sedebukapi winitilinabos fayisulo,Kotedusacuxe gucovom niv safigo samuvexogakaSBiyiyur nofamubezil gajahamifuxan guxecefit nirocecut ram kibuvagefusu mizotulo puc
Ripejizo hebixalej yeyefe6Pawarito hetocajoyocaf bilusuwicoma xeg numonaviziwajeUBakihasafunidah nupu vekivo gonununehito luwoveb kapozifuhajapi tolixug vizuyidahinidGKunih hotitodufulaha dusu nopecokujif haracipeliwelal cezejisa yetujogoONorodabikuzalo dab rujavavubaneta hupe wetuwetez xacapuvan xehu xoli hunuyulije
Bixovuc
\Lebane xozi sumepoluke fevagipotafeyi vojaveyijevokib xugakepuvotuje tijuce yizahi govuyevij`Juvuxahuxi bugajidetu mivapuwerahiyik vatunipafo retuwuvuduloc volixusafi kefayepu gayenotunaxod
Antivirus Signature
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36802096
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056f9be1 )
BitDefender Trojan.GenericKD.36802096
K7GW Trojan ( 0056f9be1 )
Cybereason malicious.f2beb2
Baidu Clean
Cyren W32/Convagent.B.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HKPD
APEX Malicious
Avast Win32:PWSX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Telebot.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Trojan.Kryptik!8.8 (CLOUD)
Ad-Aware Trojan.GenericKD.36802096
TACHYON Clean
Emsisoft Trojan.GenericKD.36802096 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader38.38755
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gc
FireEye Generic.mg.e716d52efd4cfaa3
Sophos ML/PE-A + Troj/Steal-BKC
Ikarus Trojan.Win32.Crypt
Jiangmin Clean
Webroot W32.Malware.Gen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Trojan:Win32/Azorult.NT!MTB
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Telebot.gen
GData Trojan.GenericKD.36802096
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win.AGEN.R417906
Acronis suspicious
McAfee RDN/Generic.grp
MAX malware (ai score=86)
VBA32 BScope.Trojan.AET.281105
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CDR21
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HKPK!tr
BitDefenderTheta Gen:NN.ZexaF.34684.EC0@aK!ItSok
AVG Win32:PWSX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Clean
No IRMA results available.