Static | ZeroBOX

PE Compile Time

2021-04-27 10:43:42

PE Imphash

82c7cc00390cbd2e9edea8a134be6bcb

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000d001 0x0000d200 6.62717781029
.rdata 0x0000f000 0x0000576c 0x00005800 4.79363712797
.data 0x00015000 0x000012f4 0x00000a00 1.81342651804
.00cfg 0x00017000 0x00000004 0x00000200 0.0572566022412
.voltbl 0x00018000 0x00000048 0x00000200 1.350286802
.rsrc 0x00019000 0x0001a994 0x0001aa00 7.49475539352
.reloc 0x00034000 0x00000e68 0x00001000 6.23084188443

Resources

Name Offset Size Language Sub-language File type
RT_BITMAP 0x00019190 0x00016bce LANG_ENGLISH SUBLANG_ENGLISH_US PC bitmap, Windows 3.x format, 746 x 604 x 1
RT_ICON 0x00031270 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4283611128, next used block 4283611128
RT_ICON 0x00031270 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4283611128, next used block 4283611128
RT_ICON 0x00031270 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4283611128, next used block 4283611128
RT_GROUP_ICON 0x00033818 0x00000036 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_MANIFEST 0x00033850 0x00000143 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text

Two things to read past in this table: the "dBase IV DBT" file type on the RT_ICON rows is libmagic's usual misidentification of icon image data, which begins with a 40-byte BITMAPINFOHEADER rather than a "BM" file header; and the three RT_ICON rows share one offset and size, so the listing repeats a single 0x25a8-byte data entry three times. Treat it as one icon blob until the resource directory has been walked by hand.
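
A size check on the RT_BITMAP resource, as an added Python example that is not part of the ZeroBOX report. The resource is 0x16bce = 93,134 bytes and accounts for most of the 0x1a994-byte .rsrc section, whose entropy of 7.49 is not what a 1-bit logo or dialog background normally produces; libmagic's "PC bitmap" verdict also means the data begins with a BM file header, which is unusual for an RT_BITMAP entry (the resource compiler normally stores only the BITMAPINFOHEADER onward). The code sizes an uncompressed 746 x 604 x 1 bitmap from its header the way the BMP format defines it (DWORD-aligned rows, two-entry palette) and reports how many bytes of the declared resource lie past the end of the pixel array. The real resource bytes are not on the page, so a constructed header carrying the reported dimensions stands in for them; on the sample itself, pass the bytes pefile returns for the data entry together with the entry's Size.

```python
import struct

# Values copied from the Resources table above; the resource bytes are not on the page.
RT_BITMAP_DECLARED_SIZE = 0x00016BCE      # 93,134 bytes
WIDTH, HEIGHT, BPP = 746, 604, 1           # libmagic's "746 x 604 x 1"


def pixel_array_size(width, height, bpp):
    """BI_RGB pixel array: each row is padded to a DWORD boundary; a negative
    height only flips the row order, not the byte count."""
    stride = ((width * bpp + 31) // 32) * 4
    return stride * abs(height)


def palette_size(bpp):
    """Indexed formats (<= 8 bpp) carry 1 << bpp RGBQUAD palette entries."""
    return (1 << bpp) * 4 if bpp <= 8 else 0


def expected_bmp_size(width, height, bpp):
    """Bytes a minimal uncompressed .bmp needs: BITMAPFILEHEADER (14) +
    BITMAPINFOHEADER (40) + palette + pixel array."""
    return 14 + 40 + palette_size(bpp) + pixel_array_size(width, height, bpp)


def make_bmp_header(width, height, bpp):
    """Constructed stand-in for the resource: file header, info header and an
    all-zero palette for the reported dimensions, with no pixel data attached."""
    off_bits = 14 + 40 + palette_size(bpp)
    pixels = pixel_array_size(width, height, bpp)
    file_hdr = b"BM" + struct.pack("<IHHI", off_bits + pixels, 0, 0, off_bits)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                           0, pixels, 0, 0, 0, 0)          # compression 0 = BI_RGB
    return file_hdr + info_hdr + bytes(palette_size(bpp))


def parse_bmp_header(data):
    """Pull the fields the size check needs out of a BM file header + BITMAPINFOHEADER."""
    if data[:2] != b"BM" or len(data) < 54:
        raise ValueError("not a BM file header (RT_BITMAP data normally starts at BITMAPINFOHEADER)")
    bf_size, off_bits = struct.unpack_from("<IxxxxI", data, 2)
    bi_size, width, height, planes, bpp, compression, size_image = struct.unpack_from("<IiiHHII", data, 14)
    if bi_size < 40:
        raise ValueError("BITMAPCOREHEADER not handled")
    return {"bf_size": bf_size, "off_bits": off_bits, "width": width, "height": height,
            "bpp": bpp, "compression": compression, "size_image": size_image}


def resource_slack(data, declared_size):
    """Bytes of the resource that lie beyond where the pixel array should end.
    A few bytes of alignment padding is normal; tens of kilobytes is not."""
    h = parse_bmp_header(data)
    if h["compression"] != 0:   # RLE bitmaps are sized by biSizeImage, not by dimensions
        raise ValueError("compressed bitmap, cannot size from dimensions")
    end_of_pixels = h["off_bits"] + pixel_array_size(h["width"], h["height"], h["bpp"])
    return declared_size - end_of_pixels


if __name__ == "__main__":
    hdr = make_bmp_header(WIDTH, HEIGHT, BPP)
    print("minimal .bmp for these dimensions:", expected_bmp_size(WIDTH, HEIGHT, BPP))
    print("declared resource size:          ", RT_BITMAP_DECLARED_SIZE)
    print("bytes past the pixel array:      ", resource_slack(hdr, RT_BITMAP_DECLARED_SIZE))
```

For these dimensions the minimal file is 58,046 bytes, which leaves 35,088 bytes of the declared size unaccounted for. That tail, and the fact that LoadBitmapA is the only USER32 import, is where to look first; it is not proof of an embedded payload, it is the check that decides whether dumping the tail and measuring its entropy is worth the time.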

Imports

The list below is the import table as the sandbox rendered it, and it is short by eleven entries: the IAT slots advance by four bytes but skip 0x413d8c, 0x413d90, 0x413da8, 0x413dd4, 0x413e0c, 0x413e24, 0x413e30, 0x413e3c, 0x413e48, 0x413e60 and 0x413e78. The import name table in the strings dump further down fills the gaps, in order: DeleteCriticalSection, EnterCriticalSection, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, IsProcessorFeaturePresent, LeaveCriticalSection, QueryPerformanceCounter, SetUnhandledExceptionFilter and UnhandledExceptionFilter (66 KERNEL32 imports in total, plus ShellExecuteA and LoadBitmapA). All eleven are ordinary MSVC CRT start-up imports. The imphash above was computed over the complete table, so it will not reproduce from the list as printed.

Library KERNEL32.dll:
0x413d80 CloseHandle
0x413d84 CreateFileW
0x413d88 DecodePointer
0x413d94 ExitProcess
0x413d98 FindClose
0x413d9c FindFirstFileExW
0x413da0 FindNextFileW
0x413da4 FlushFileBuffers
0x413dac FreeLibrary
0x413db0 GetACP
0x413db4 GetCPInfo
0x413db8 GetCommandLineA
0x413dbc GetCommandLineW
0x413dc0 GetConsoleCP
0x413dc4 GetConsoleMode
0x413dc8 GetCurrentProcess
0x413dcc GetCurrentProcessId
0x413dd0 GetCurrentThreadId
0x413dd8 GetFileType
0x413ddc GetLastError
0x413de0 GetModuleFileNameA
0x413de4 GetModuleFileNameW
0x413de8 GetModuleHandleA
0x413dec GetModuleHandleExW
0x413df0 GetModuleHandleW
0x413df4 GetOEMCP
0x413df8 GetProcAddress
0x413dfc GetProcessHeap
0x413e00 GetStartupInfoW
0x413e04 GetStdHandle
0x413e08 GetStringTypeW
0x413e10 GetTickCount
0x413e14 HeapAlloc
0x413e18 HeapFree
0x413e1c HeapReAlloc
0x413e20 HeapSize
0x413e28 InitializeSListHead
0x413e2c IsDebuggerPresent
0x413e34 IsValidCodePage
0x413e38 LCMapStringW
0x413e40 LoadLibraryExW
0x413e44 MultiByteToWideChar
0x413e4c RaiseException
0x413e50 RtlUnwind
0x413e54 SetFilePointerEx
0x413e58 SetLastError
0x413e5c SetStdHandle
0x413e64 TerminateProcess
0x413e68 TlsAlloc
0x413e6c TlsFree
0x413e70 TlsGetValue
0x413e74 TlsSetValue
0x413e7c WideCharToMultiByte
0x413e80 WriteConsoleW
0x413e84 WriteFile
Library SHELL32.dll:
0x413e8c ShellExecuteA
Library USER32.dll:
0x413e94 LoadBitmapA
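
Reconstructing the imphash from the table above, as an added Python example rather than anything from the ZeroBOX report: the function implements the pefile imphash normalisation (DLL name lowercased with a .dll/.sys/.ocx suffix stripped, function names lowercased, `dll.func` entries joined with commas in import-directory order, MD5 over the result). It carries two import tables: the list as rendered on this page, and the list with the eleven KERNEL32 entries the rendering skips put back in. Assumptions: the DLL order KERNEL32, SHELL32, USER32 and the alphabetical order within KERNEL32 match the binary, and ordinal-only imports are written as `ordN` rather than resolved through pefile's ordinal tables. The reconstructed value is printed next to the reported 82c7cc00390cbd2e9edea8a134be6bcb for comparison; the rendered-only list necessarily hashes to something else, which is the point of the check.

```python
import hashlib

# Full KERNEL32 import list in IAT order: the rendered entries plus the eleven the
# rendering skips (taken from the import name table in the strings dump). Assumes
# the strings preserve on-disk order, which for this CRT is alphabetical.
KERNEL32_FULL = [
    "CloseHandle", "CreateFileW", "DecodePointer", "DeleteCriticalSection",
    "EnterCriticalSection", "ExitProcess", "FindClose", "FindFirstFileExW",
    "FindNextFileW", "FlushFileBuffers", "FreeEnvironmentStringsW", "FreeLibrary",
    "GetACP", "GetCPInfo", "GetCommandLineA", "GetCommandLineW", "GetConsoleCP",
    "GetConsoleMode", "GetCurrentProcess", "GetCurrentProcessId",
    "GetCurrentThreadId", "GetEnvironmentStringsW", "GetFileType", "GetLastError",
    "GetModuleFileNameA", "GetModuleFileNameW", "GetModuleHandleA",
    "GetModuleHandleExW", "GetModuleHandleW", "GetOEMCP", "GetProcAddress",
    "GetProcessHeap", "GetStartupInfoW", "GetStdHandle", "GetStringTypeW",
    "GetSystemTimeAsFileTime", "GetTickCount", "HeapAlloc", "HeapFree",
    "HeapReAlloc", "HeapSize", "InitializeCriticalSectionAndSpinCount",
    "InitializeSListHead", "IsDebuggerPresent", "IsProcessorFeaturePresent",
    "IsValidCodePage", "LCMapStringW", "LeaveCriticalSection", "LoadLibraryExW",
    "MultiByteToWideChar", "QueryPerformanceCounter", "RaiseException",
    "RtlUnwind", "SetFilePointerEx", "SetLastError", "SetStdHandle",
    "SetUnhandledExceptionFilter", "TerminateProcess", "TlsAlloc", "TlsFree",
    "TlsGetValue", "TlsSetValue", "UnhandledExceptionFilter",
    "WideCharToMultiByte", "WriteConsoleW", "WriteFile",
]

# Entries present in the binary's import name table but absent from the rendered list.
MISSING_FROM_RENDERING = {
    "DeleteCriticalSection", "EnterCriticalSection", "FreeEnvironmentStringsW",
    "GetEnvironmentStringsW", "GetSystemTimeAsFileTime",
    "InitializeCriticalSectionAndSpinCount", "IsProcessorFeaturePresent",
    "LeaveCriticalSection", "QueryPerformanceCounter",
    "SetUnhandledExceptionFilter", "UnhandledExceptionFilter",
}

REPORTED_IMPHASH = "82c7cc00390cbd2e9edea8a134be6bcb"   # from the report header


def imphash_string(imports):
    """pefile-style normalisation. imports is [(dll_name, [func_or_ordinal, ...]), ...]
    in import-directory order; ordinals are ints and are emitted as 'ordN' here
    (assumption: pefile would first try to resolve known ordinals to names)."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, _, ext = lib.rpartition(".")
        if ext in ("ocx", "sys", "dll"):      # pefile strips exactly these suffixes
            lib = base
        for f in funcs:
            name = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised string, as pefile's get_imphash() computes it."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def full_table():
    return [("KERNEL32.dll", KERNEL32_FULL),
            ("SHELL32.dll", ["ShellExecuteA"]),
            ("USER32.dll", ["LoadBitmapA"])]


def rendered_table():
    """The import table exactly as this page prints it, eleven entries short."""
    k32 = [f for f in KERNEL32_FULL if f not in MISSING_FROM_RENDERING]
    return [("KERNEL32.dll", k32),
            ("SHELL32.dll", ["ShellExecuteA"]),
            ("USER32.dll", ["LoadBitmapA"])]


if __name__ == "__main__":
    full, partial = imphash(full_table()), imphash(rendered_table())
    verdict = "matches the report" if full == REPORTED_IMPHASH else "differs from the report"
    print("reconstructed table:", full, "-", verdict)
    print("rendered list only: ", partial)
```

With pefile installed, `pefile.PE(path).get_imphash()` on the sample is the authoritative value; hand-rolling it here shows why an import listing with entries dropped cannot be hashed into anything comparable, and makes the ordering assumption explicit so a mismatch points at the reconstruction rather than at the report.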

!This program cannot be run in DOS mode.$
`.rdata
@.data
.00cfg
@.voltbl
@.reloc
URPQQh-V@
35|bA
j,hPFA
zSSSSj
f9:t!V
xg;5HbA
QQSVj8j@
;t$,v-
UQPXY]Y[
PPPPPWS
PP9E u:PPVWP
xE;5HbA
PPPPPPPP
xE;5HbA
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
?5Wg4p
%S#[k=
"B <1=
kernel32.dll
dddd, MMMM dd, yyyy
MM/dd/yy
February
January
Thursday
Tuesday
Wednesday
Saturday
Sunday
Monday
Friday
InitializeCriticalSectionEx
LCMapStringEx
August
_hypot
operator co_await
__restrict
CorExitProcess
HH:mm:ss
operator
_nextafter
October
November
September
December
__fastcall
__thiscall
__vectorcall
__clrcall
__stdcall
__cdecl
__pascal
__eabi
FlsSetValue
FlsGetValue
delete
FlsFree
AppPolicyGetProcessTerminationMethod
__unaligned
FlsAlloc
new[]
delete[]
AreFileApisANSI
LocaleNameToLCID
operator<=>
__ptr64
__swift_2
__swift_1
restrict(
__based(
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Type Descriptor'
`vector deleting destructor'
`scalar deleting destructor'
`vbase destructor'
`vector copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`eh vector vbase copy constructor iterator'
`vector constructor iterator'
`eh vector constructor iterator'
`managed vector constructor iterator'
`vector vbase constructor iterator'
`eh vector vbase constructor iterator'
`vector destructor iterator'
`eh vector destructor iterator'
`managed vector destructor iterator'
Complete Object Locator'
`virtual displacement map'
`vcall'
`string'
`udt returning'
`omni callsig'
`typeof'
`copy constructor closure'
`default constructor closure'
`local vftable constructor closure'
`placement delete closure'
`placement delete[] closure'
`vftable'
`local vftable'
`vbtable'
`anonymous namespace'
`local static thread guard'
`local static guard'
`dynamic atexit destructor for '
`dynamic initializer for '
operator ""
LLD PDB.
CloseHandle
CreateFileW
DecodePointer
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlUnwind
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WideCharToMultiByte
WriteConsoleW
WriteFile
ShellExecuteA
LoadBitmapA
KERNEL32.dll
SHELL32.dll
USER32.dll
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
_z&-Ol
0+.")7
a|{+Qz7
3/XYYwA4
erU6QW
LdAz$U
Ss2/wc
7W;A|;c1
xo6ioy*:
xm6i}]*M&
#huk<w
IvI;Yni<
xk>Ims<G
xA*izw>
fiG4x{8m
zXA!xk8
zhA=x{8m
+6`b,S_x
Rk}Cx{<G
?Q&;:-x
ekC+xq<G
7Nu_<g
.*Mu[<g
L!P~<7r
xQO=xk6
"x{64Q
U[BEx{8b
+:_p;<
+:_p;<
?OG+<}
$x{6o)
xK6K{s
Mx{:(i
xmS>x{:D
x]S+xk:
:^K+<w
xmSsx{6E
4z<AZ#
:pu4<w
xk<sx{<
oH9y{M
Sd(mk<
cd8m{<E
rJ3(kk<
-)o}UX
MYG0xk8
i}Uw<W
2pns-y
zt0:8{<F
SWx{6:
ie+! j2_nS-Y
n17yxl
86~z5 !
iNSqx[:
]RSLxk:
~t5:8{<F
$^5<>o
46qq/=i
i`SXx{6T
i[Sdx[6
,-fvR+7
xK}Sx[<
is-@vb
xQSBxk:
<!Ru8X
<gP'<'r
xASix[6
xASix[6
xJO^xk6
|S *8k<
]lSRx{:b
$^5<1R
xJO^xk6
xZOnx[6
?A&+:]
RQN%s[L
#Cuk<w
6Om+<}
S|xK6I{}
xzONx{6M
xJO^xk6
f[X%xh6
LPtz<g
6mP:<'r
LntJ<w
8/peU%x
"-sb(:
st0:8{<F
81|eUXi
xk6kpQ=[
^O6yxm
rfOy{:T
|t3:8{<F
<#Pb=7~
<#Pc=7~
,:z%|=
:P\='~
xAN2}[L
:}uk<w
<-Po=7~
.'XY;7x
]1zJj<
>@u_<g
rp>PuO<W
xM6IrR
-"bf|7x
9Iu[<g
xY+*8k<
i@Six[6
+8_~:<
x[x>xk@
xK<myh<
5C:Gm#
0:g\l~Y
t"<:W(2CH
>:G~>Cx
,W/ PT
y{,Gq9
,W+8s]
!@gb+Tv
*<w18<
<g:/<w
Vs]):waz
r]):w6
+E`]9=
~Vw+0w}
2W_8<g
+&wl<
+<w~3E3l
qWn2<g
<g~#_7~4n
+<w~#p0y
WWq7<g
<g~#$0
+<w~3TAh
+<wn;i<H
<gn+1_
+<w~#p0y
UZ +xk<
<gi3L@U5
!x{<Gi
+<wi#L0
EZK0xk<
+=w"~<
=W6 <g
x{>Gs'<W
>Wu(<g
x{>G00<W
8WN;<g
=WA_<g
x{=GAO<W
=wa;p0y
,wT;p0>
+H5 ;]
T|],g1(6R
)gw~#<
Ogw8]{
<W(^ou
Y^9<wd
+=ws;M
=gm+Gw
gi+=wU;
gI+=w);
(f++>w
G o=W[
gxM=wW;
W@|=gA+
g0A=w7;
p=g!+4
=vyn7W
dw.6Yc;O
ns{>Uy
8Fz"2i
:vyC8q
:Vy+8Q
:uyk:w
PA<?xml version="1.0" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
manifestVersion="1.0">
<trustInfo>
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false'/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
</=B=.>p>?
;);A;k;
<<'</<;<D<I<O<Y<c<s<
>4?F?_?t?{?
070J0}0
2a2g2p2y2
6B6L6U6^6s6|6
9D:W:u:
:1<h<o<t<x<|<
= =$=(=,=
1W1l1w1
2-2@2G2[2j2q2y2
3$333H3P3Z3c3t3
3H4U4d4y4
5%6>6C6L6.7<7E7
;.<9<x<
*1@1Z1h1
202;2b2l2z2
3*3F3Z3
34-444:4
777<7a7f7q7
8&8+808K8Z8e8j8o8
9!9Z9~9
:*:8:D:P:d:z:
;%;5;C;H;M;];b;g;w;|;
<#<*<2<9<C<L<V<x<
=6=O=m=
>@>U>g>t>
1B2R2u2
243k3}3
7P7_7i7v7
8'8h8U9
:&:q:x:
=A=d=k=}=k>u>
?5?S?\?w?
0/181P1}1
1%2,232:2G2k2
6!6D6_6l6z6
7*7<7N7`7r7
?*?O?c?
3 3%3@3M3V3[3`3{3
454E4]4q4
6F7c7o7
8[8J:T:w:
:&;Y;n;
2J2k2v2
5<6]6d6{6
<K<P<T<X<\<
212d2r3
444X4c4p4
5"535]5
7'8<8E8N8a8f8
8Q9]9q9}9
:":?:O:[:j:};
;'<D<X<c<
>&?F?V?
0]1h1n1w1
0D0H0P0
1$1,14181<1@1D1
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7
?$?,?4?<?D?L?T?\?d?l?t?|?
0$0,040<0D0L0T0\0d0l0t0|0
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
9 9(90989@9H9P9X9`9h9p9x9
: :(:0:8:@:H:P:X:`:h:p:x:
; ;(;0;8;@;H;P;X;`;h;p;x;
< <(<0<8<@<H<P<X<`<h<p<x<
= =(=0=8=@=H=*?.?2?6?
8$8,848<8D8L8T8\8d8l8t8|8
4$4(4H4h4
5(5H5h5
6(6H6h6
7$7(7H7h7
((((( H
dddd, MMMM dd, yyyy
MM/dd/yy
syr-sy
February
January
Thursday
Tuesday
Wednesday
Saturday
Sunday
Monday
Friday
div-mv
August
zh-cht
HH:mm:ss
zh-chs
October
November
September
December
smj-no
sma-no
quz-bo
uz-uz-latn
az-az-latn
sr-sp-latn
bs-ba-latn
sr-ba-latn
uz-UZ-Latn
az-AZ-Latn
sr-SP-Latn
bs-BA-Latn
sr-BA-Latn
kok-in
uz-uz-cyrl
az-az-cyrl
sr-sp-cyrl
sr-ba-cyrl
uz-UZ-Cyrl
az-AZ-Cyrl
sr-SP-Cyrl
sr-BA-Cyrl
mscoree.dll
sms-fi
smn-fi
smj-se
sma-se
quz-pe
quz-ec
syr-SY
div-MV
zh-CHT
zh-CHS
smj-NO
sma-NO
quz-BO
kok-IN
sms-FI
smn-FI
smj-SE
sma-SE
quz-PE
quz-EC
user32
kernel32
advapi32
api-ms-win-core-file-l1-2-2
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-string-l1-1-0
ext-ms-
api-ms-
CONOUT$
api-ms-win-core-processthreads-l1-1-2
api-ms-win-appmodel-runtime-l1-1-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-datetime-l1-1-1
api-ms-win-core-localization-obsolete-l1-2-0
ext-ms-win-ntuser-dialogbox-l1-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
Antivirus Signature

35 of the 70 engines listed flag the file and the other 35 report Clean. Every positive verdict is a generic, heuristic or machine-learning label (GenericKD, Trojan.Inject, ML.Attribute, AI:Packer, Static AI, Wacatac.B!ml, Malware.AI, malicious_confidence_80%); none attributes the file to a named family, and the Clean column includes several signature-heavy engines (Kaspersky, ESET-NOD32, Avira, DrWeb, TrendMicro). Read the table as "suspicious, unclassified" rather than as a confirmed family match.
Bkav W32.AIDetect.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.36890514
FireEye Generic.mg.a5292f2ae50ae5ca
CAT-QuickHeal Trojan.Inject
Qihoo-360 Clean
ALYac Trojan.GenericKD.36890514
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.36890514
K7GW Riskware ( 0040eff71 )
Cybereason malicious.ae50ae
Arcabit Clean
BitDefenderTheta AI:Packer.8E7A02FE1F
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Avast Win32:Malware-gen
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Trojan.Win32.Malicious.4!c
Rising Trojan.Inject!8.103 (CLOUD)
Ad-Aware Trojan.GenericKD.36890514
TACHYON Clean
Sophos ML/PE-A
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
CMC Clean
Emsisoft Trojan.GenericKD.36890514 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Trojan.Win32.Downloader.sa
Microsoft Trojan:Win32/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.GenericKD.36890514
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Generic.C4469869
Acronis Clean
McAfee Artemis!A5292F2AE50A
MAX malware (ai score=85)
VBA32 Clean
Malwarebytes Malware.AI.4283024641
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H09E921
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Malicious_Behavior.SB
AVG Win32:Malware-gen
Paloalto Clean
CrowdStrike win/malicious_confidence_80% (W)
MaxSecure Clean
No IRMA results available.