Static | ZeroBOX

PE Compile Time

2021-07-06 16:53:01

PE Imphash

001d993cb52b06dd86f1aafa1c13bed8

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00003828    0x00003a00        4.93042992336
.rdata  0x00005000       0x0000a1b6    0x0000a200        4.38916131839
.data   0x00010000       0x00000060    0x00000200        0.147365075305
.pdata  0x00011000       0x000000cc    0x00000200        1.72271078183

Imports

Library KERNEL32.dll:
0x180005000 GetThreadPriority
0x180005008 GetCurrentThread
0x180005010 CreateThread
0x180005018 WaitForSingleObject
0x180005020 DuplicateHandle
0x180005028 ResumeThread

Exports

Ordinal Address Name
2 0x180001020 DfcidmAgqxxIybvoovbd
1 0x180001040 DllGetClassObject
3 0x1800011b0 DllRegisterServer
4 0x180001030 FbyouxodmaAmblxtzonyr
5 0x180001000 GhjrgreaggXyoydphfea
6 0x180001010 NrmqrpckejMlzraxTtfncwsvfmhs
7 0x180001120 PluginInit

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee Clean
Cylance Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_60% (W)
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 a variant of Win64/Agent.AQO
Baidu Clean
APEX Clean
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
TACHYON Clean
Sophos Troj/IcedID-Z
Comodo Clean
F-Secure Clean
DrWeb Trojan.PWS.Stealer.30701
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Emsisoft MalCert-S.KV (A)
SentinelOne Clean
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1143234
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft TrojanSpy:Win32/Stelega.STA
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Malicious (score: 99)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
MAX Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Clean
AVG Win64:DangerousSig [Trj]
Avast Win64:DangerousSig [Trj]
MaxSecure Clean
No IRMA results available.