Static | ZeroBOX

PE Compile Time

2021-05-07 04:25:17

PE Imphash

d9015199fc550f4d12cfbd6fab74e595

Sections

Name     Virtual Address   Virtual Size   Size of Raw Data   Entropy
.text    0x00001000        0x00000fad     0x00001000         6.07703715877
.rdata   0x00002000        0x00000b8e     0x00000c00         4.18839727173
.data    0x00003000        0x00000060     0x00000000         0.0
.reloc   0x00004000        0x00000200     0x00000200         6.32573095406

Imports

Library KERNEL32.dll:
0x402000 LoadLibraryW
0x402004 GetProcAddress
0x402008 WaitForSingleObject
0x40200c CloseHandle
0x402010 ExitProcess
0x402014 CreateProcessW
0x402018 CopyFileW
0x40201c Sleep
0x402020 GlobalFree
Library SHELL32.dll:
0x402028 SHGetFolderPathW

!This program cannot be run in DOS mode.
`.rdata
@.data
.reloc
LoadLibraryW
GetProcAddress
GetModuleFileNameW
CreateDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LocalAlloc
LocalFree
lstrlenW
StrChrW
StrStrW
StrStrIW
StrToIntExW
PathIsDirectoryW
CoInitialize
HeapFree
CreateMutexA
CreateMutexW
GetLastError
SHGetFolderPathA
PathAppendW
StringCbPrintfW
memset
wmemset
memcpy
OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
LoadLibraryW
GetProcAddress
WaitForSingleObject
CloseHandle
ExitProcess
CreateProcessW
CopyFileW
GlobalFree
KERNEL32.dll
SHGetFolderPathW
SHELL32.dll
kernel32.dll
Shlwapi.dll
ntdll.dll
Shell32.dll
Ole32.dll
User32.dll
\Microsoft\Network
\sqlcmd.exe
/C /create /F /sc minute /mo 1 /tn "
Azure-Update-Task
" /tr "
C:\Windows\System32\schtasks.exe
Antivirus Signature
Bkav W32.AIDetect.malware2
Elastic Clean
MicroWorld-eScan Gen:Variant.Fugrafa.136849
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Fugrafa.136849
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Fugrafa.136849
K7GW Clean
Cybereason Clean
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 a variant of Win32/ClipBanker.ND
APEX Malicious
Avast Win32:Trojan-gen
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
AegisLab Clean
Rising Trojan.ClipBanker!8.5FB (RDMK:cmRtazquU98NkGrszzV1N4myIYXD)
Ad-Aware Gen:Variant.Fugrafa.136849
Sophos ML/PE-A
Comodo Clean
F-Secure Clean
DrWeb Trojan.MulDrop17.10469
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
MaxSecure Trojan.Malware.300983.susgen
FireEye Gen:Variant.Fugrafa.136849
Emsisoft Gen:Variant.Fugrafa.136849 (B)
Ikarus Clean
GData Gen:Variant.Fugrafa.136849
Jiangmin Trojan.Generic.gwvzt
Webroot Clean
Avira TR/Crypt.XPACK.Gen8
MAX malware (ai score=88)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Ransom.Win32.Banker.oa!s1
Arcabit Trojan.Fugrafa.D21691
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Generic.C4496218
Acronis Clean
McAfee GenericRXAA-AA!D850F8D48232
TACHYON Clean
VBA32 BScope.Trojan.Tasker
Malwarebytes Malware.AI.1517648553
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet Clean
BitDefenderTheta Gen:NN.ZexaE.34692.aqW@aexmQl
AVG Win32:Trojan-gen
Paloalto generic.ml
CrowdStrike Clean
Qihoo-360 Clean
No IRMA results available.