Static | ZeroBOX

PE Compile Time

2021-02-17 03:51:51

PE Imphash

f9ade0aa18f660a34a4fa23392e21838

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00008393 | 0x00008400 | 7.95739719557 |
| .text1 | 0x0000a000 | 0x0000033c | 0x00000400 | 5.47111115827 |
| .rdata | 0x0000b000 | 0x00000158 | 0x00000200 | 2.56207517749 |
| .data | 0x0000c000 | 0x000039f4 | 0x00003400 | 7.90932575456 |
| .rsrc | 0x00010000 | 0x00000ec9 | 0x00001000 | 7.68351864836 |

Imports

Library KERNEL32.dll:
0x40b000 ExitProcess


| Antivirus | Signature |
|---|---|
| Bkav | Clean |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.36880395 |
| CMC | Clean |
| CAT-QuickHeal | Clean |
| McAfee | GenericRXOH-VB!C4DA0137CBB9 |
| Malwarebytes | Clean |
| VIPRE | Trojan.Win32.Generic!BT |
| AegisLab | Trojan.Win32.Encoder.j!c |
| Sangfor | Trojan.Win32.Save.a |
| K7AntiVirus | Trojan ( 005795061 ) |
| BitDefender | Trojan.GenericKD.36880395 |
| K7GW | Trojan ( 005795061 ) |
| Cybereason | Clean |
| Baidu | Clean |
| Cyren | Clean |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Filecoder.DarkSide.B |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Clean |
| Kaspersky | Trojan-Ransom.Win32.Encoder.mhq |
| Alibaba | Trojan:Win32/DarkSide.a9f80a27 |
| NANO-Antivirus | Clean |
| SUPERAntiSpyware | Clean |
| Rising | Ransom.Encoder!8.FFD4 (TFE:dGZlOgQJS8KF1QJfqw) |
| Ad-Aware | Trojan.GenericKD.36880395 |
| Emsisoft | MalCert.A (A) |
| Comodo | Clean |
| F-Secure | Clean |
| DrWeb | Trojan.Siggen13.4445 |
| Zillya | Clean |
| TrendMicro | Ransom_DarkSide.R002C0DEB21 |
| McAfee-GW-Edition | GenericRXOH-VB!C4DA0137CBB9 |
| FireEye | Generic.mg.c4da0137cbb99626 |
| Sophos | ML/PE-A + Mal/BadCert-Gen |
| SentinelOne | Static AI - Malicious PE |
| Jiangmin | Clean |
| Webroot | W32.Trojan.Gen |
| Avira | TR/Crypt.XPACK.Gen |
| eGambit | Unsafe.AI_Score_93% |
| MAX | malware (ai score=84) |
| Antiy-AVL | Clean |
| Kingsoft | Win32.Troj.Undef.(kcloud) |
| Microsoft | Ransom:Win32/DarkSide.DA |
| Gridinsoft | Clean |
| Arcabit | Clean |
| ViRobot | Trojan.Win32.Z.Darkside.61784 |
| ZoneAlarm | Trojan-Ransom.Win32.Encoder.mhq |
| GData | Win32.Trojan.Agent.GULDFO |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Backdoor/Win.CobaltStrike.R416024 |
| Acronis | Clean |
| VBA32 | Clean |
| ALYac | Clean |
| TACHYON | Clean |
| Cylance | Unsafe |
| Panda | Trj/CI.A |
| Zoner | Clean |
| TrendMicro-HouseCall | Ransom_DarkSide.R002C0DEB21 |
| Tencent | Clean |
| Yandex | Clean |
| Ikarus | Win32.Outbreak |
| MaxSecure | Clean |
| Fortinet | W32/DarkSide.B!tr.ransom |
| BitDefenderTheta | Clean |
| AVG | Win32:DangerousSig [Trj] |
| Avast | Win32:DangerousSig [Trj] |
| CrowdStrike | win/malicious_confidence_80% (D) |
| Qihoo-360 | Clean |

No IRMA results available.