Static | ZeroBOX

PE Compile Time

2021-05-03 05:33:45

PDB Path

C                                                      b

PE Imphash

3cdafced2b335e7dc14e96cb2f655c00

PEiD Signatures

Armadillo v1.71

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x000005a2    0x00000600        5.44997859165
.rdata  0x00002000       0x000007c1    0x00000800        4.46826263124
.data   0x00003000       0x0000003c    0x00000200        0.0203931352361
.rsrc   0x00004000       0x000001b4    0x00000200        5.09797908882
.reloc  0x00005000       0x0000011c    0x00000200        2.77384906697

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00004058  0x0000015a  LANG_ENGLISH  SUBLANG_ENGLISH_US  ASCII text, with CRLF line terminators

Imports

Library SHLWAPI.dll:
0x402084 PathFileExistsW
Library MSVCRT.dll:
0x402038 __p__fmode
0x40203c __set_app_type
0x402040 __p__commode
0x402044 _controlfp
0x402048 _adjust_fdiv
0x40204c __setusermatherr
0x402050 _initterm
0x402054 __getmainargs
0x402058 _acmdln
0x40205c exit
0x402060 _XcptFilter
0x402064 _exit
0x402068 srand
0x40206c rand
0x402070 memset
0x402074 _except_handler3
Library WININET.dll:
0x402094 InternetOpenW
0x402098 InternetOpenUrlW
0x40209c InternetCloseHandle
0x4020a0 InternetReadFile
Library urlmon.dll:
0x4020a8 URLDownloadToFileW
Library KERNEL32.dll:
0x402000 CopyFileA
0x402004 GetTickCount
0x402008 CloseHandle
0x40200c DeleteFileW
0x402010 CreateProcessW
0x402014 Sleep
0x402018 CopyFileW
0x40201c DeleteFileA
0x402020 GetModuleHandleA
0x402024 GetStartupInfoA
0x402028 CreateFileW
0x402030 WriteFile
Library USER32.dll:
0x40208c wsprintfW
Library SHELL32.dll:
0x40207c ShellExecuteW

Strings

!This program cannot be run in DOS mode.
TRichj
`.rdata
@.data
@.reloc
4whw478hw4g7whghw74h
w4gw4gw4hw4
wg44w4wh4w4h4
w4gw4hgw4g4gwgrgrgg
PathFileExistsW
SHLWAPI.dll
memset
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
WININET.dll
URLDownloadToFileW
urlmon.dll
CreateProcessW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
ExpandEnvironmentStringsW
GetTickCount
CopyFileA
CopyFileW
DeleteFileA
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfW
USER32.dll
ShellExecuteW
SHELL32.dll
RSDS-j
C b
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Y0i0|0
11%1Q1
2*2:2E2p2}2
3"3-3]3x3~3
474>4E4L4R4Z4`4g4n4y4
525B5b5h5n5
%temp%
%ls\%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
%ls:Zone.Identifier
%ls\%d.exe
%ls:Zone.Identifier
%appdata%
%ls\evvevev.txt
3fwfwff3fw3f
4wgw4g4wgw4gw4h
4wgw4gw4h
4gwg4gw4gw4wh4whw4h
http://185.215.113.93/pepwn.exe

Antivirus Signature

Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Heur.Mint.Zard.11
FireEye Generic.mg.0a6569e45a3a38f7
CAT-QuickHeal Clean
ALYac Gen:Heur.Mint.Zard.11
Cylance Unsafe
VIPRE Clean
K7AntiVirus Trojan ( 0056d4f21 )
BitDefender Gen:Heur.Mint.Zard.11
K7GW Trojan ( 0056d4f21 )
Cybereason malicious.45a3a3
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Phorpiex.AG
APEX Malicious
Avast Win32:CoinminerX-gen [Trj]
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Worm.Phorpiex!8.48D (TFE:dGZlOgUN9lLDNPuMzg)
Ad-Aware Gen:Heur.Mint.Zard.11
TACHYON Clean
Emsisoft Gen:Heur.Mint.Zard.11 (B)
Comodo TrojWare.Win32.TrojanDownloader.Agent.EQE@80vxxy
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.xt
MaxSecure Clean
CMC Clean
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
GData Gen:Heur.Mint.Zard.11
Jiangmin Clean
Webroot Clean
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Caynamer.A!ml
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Dlder.C3467007
Acronis suspicious
McAfee RDN/Generic.hbg
MAX malware (ai score=89)
VBA32 BScope.Trojan.Caynamer
Malwarebytes Worm.Phorpiex.Generic
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_97%
Fortinet W32/Phorpiex.AH!worm
BitDefenderTheta Gen:NN.ZexaF.34686.auW@a0A3T4li
AVG Win32:CoinminerX-gen [Trj]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Clean

IRMA

No IRMA results available.