Static | ZeroBOX

PE Compile Time

1972-12-25 14:33:23

PE Imphash

cae0259af6116376a984aebdda1867f9

PEiD Signatures

ASPack v2.12 -> Alexey Solodovnikov

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00001000 | 0x00000200 | 6.68253254444 |
| .rdata | 0x00002000 | 0x00001000 | 0x00000200 | 4.70436717529 |
| .data | 0x00003000 | 0x00001000 | 0x00000400 | 6.05584011017 |
| .rsrc | 0x00004000 | 0x00003000 | 0x00000200 | 2.44201184493 |
| .aspack | 0x00007000 | 0x00004000 | 0x00003c00 | 5.43404729917 |
| .adata | 0x0000b000 | 0x00001000 | 0x00000000 | 0.0 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x00008460 | 0x000025a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data |
| RT_GROUP_ICON | 0x0000844c | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data |
| RT_VERSION | 0x00008218 | 0x00000234 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | data |
| RT_MANIFEST | 0x00008048 | 0x000001cd | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | XML 1.0 document, ASCII text, with very long lines, with no line terminators |

Imports

Library kernel32.dll:
0x407f5c GetProcAddress
0x407f60 GetModuleHandleA
0x407f64 LoadLibraryA
Library user32.dll:
0x408014 MessageBoxA
Library advapi32.dll:
0x40801c RegQueryValueExA

!This program cannot be run in DOS mode.
.rdata
.aspack
.adata
VirtualAlloc
VirtualFree
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
user32.dll
advapi32.dll
MessageBoxA
RegQueryValueExA
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
5.7.0.0
FileDescription
ProductName
ProductVersion
5.7.0.0
CompanyName
LegalCopyright
Comments
VarFileInfo
Translation
| Antivirus | Signature |
|---|---|
| Bkav | Clean |
| Elastic | Clean |
| DrWeb | Clean |
| ClamAV | Clean |
| CMC | Clean |
| CAT-QuickHeal | Clean |
| ALYac | Clean |
| Malwarebytes | Malware.AI.2494098217 |
| VIPRE | Clean |
| AegisLab | Clean |
| Sangfor | Clean |
| K7AntiVirus | Clean |
| BitDefender | Clean |
| K7GW | Clean |
| Cybereason | malicious.db600b |
| BitDefenderTheta | Clean |
| Cyren | W32/Trojan.VZXV-0476 |
| Symantec | Clean |
| ESET-NOD32 | Clean |
| Zoner | Clean |
| TrendMicro-HouseCall | Clean |
| Paloalto | generic.ml |
| Cynet | Malicious (score: 100) |
| Kaspersky | Clean |
| Alibaba | Clean |
| NANO-Antivirus | Trojan.Win32.Drop.dlhwif |
| SUPERAntiSpyware | Clean |
| MicroWorld-eScan | Clean |
| Avast | Clean |
| Ad-Aware | Clean |
| Sophos | Generic ML PUA (PUA) |
| Comodo | Clean |
| F-Secure | Clean |
| Baidu | Clean |
| Zillya | Clean |
| TrendMicro | Clean |
| McAfee-GW-Edition | BehavesLike.Win32.Kudj.lm |
| FireEye | Generic.mg.51c10802ed8cbcb4 |
| Emsisoft | Clean |
| Ikarus | Trojan.StartPage |
| Jiangmin | RiskTool.FlyStudio.awa |
| Webroot | Clean |
| Avira | Clean |
| Antiy-AVL | Trojan/Generic.ASMalwS.1B32082 |
| Kingsoft | Clean |
| Microsoft | Trojan:Win32/Wacatac.B!ml |
| Gridinsoft | Clean |
| Arcabit | Clean |
| ViRobot | Clean |
| ZoneAlarm | Clean |
| GData | Clean |
| TACHYON | Clean |
| AhnLab-V3 | Clean |
| Acronis | Clean |
| McAfee | Artemis!51C10802ED8C |
| MAX | Clean |
| VBA32 | Trojan.KillFiles |
| Cylance | Unsafe |
| APEX | Malicious |
| Rising | Clean |
| Yandex | Clean |
| SentinelOne | Clean |
| eGambit | Clean |
| Fortinet | W32/FlyStudio.C!tr |
| Qihoo-360 | Clean |
| Panda | Clean |
| CrowdStrike | Clean |
| MaxSecure | Clean |
No IRMA results available.