Static | ZeroBOX

PE Compile Time

2021-05-29 20:44:49

PE Imphash

8b9115bdb533867fb541799f78a743d7

PEiD Signatures

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Sections

Name   Virtual Address  Virtual Size  Size of Raw Data  Entropy
UPX0   0x00001000       0x0003c000    0x00000000        0.0
UPX1   0x0003d000       0x00015000    0x00014a00        7.91308449205
.rsrc  0x00052000       0x00001000    0x00000600        3.35102325779

Resources

Name        Offset      Size        Language      Sub-language                File type
RT_VERSION  0x0005205c  0x00000240  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  data

Imports

Library ADVAPI32.dll:
0x452364 RegCloseKey
Library COMCTL32.dll:
0x45236c None
Library GDI32.dll:
0x452374 SaveDC
Library KERNEL32.DLL:
0x45237c LoadLibraryA
0x452380 ExitProcess
0x452384 GetProcAddress
0x452388 VirtualProtect
Library RASAPI32.dll:
0x452390 RasHangUpA
Library USER32.dll:
0x452398 GetDC
Library WININET.dll:
0x4523a0 InternetOpenA
Library WINSPOOL.DRV:
0x4523a8 OpenPrinterA
Library WS2_32.dll:
0x4523b0 send

Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.a905e8ec7c21e72e
CAT-QuickHeal Risktool.Flystudio.17515
Qihoo-360 Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.674b0e
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Tiny.NQG
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.Tiggre-9845940-0
Kaspersky UDS:Trojan-Downloader.Win32.Agentb.a
Alibaba Trojan:Win32/BlackMoon.c8156b36
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira HEUR/AGEN.1140931
MAX Clean
Antiy-AVL Clean
Kingsoft Win32.Heur.KVM099.a.(kcloud)
Microsoft Trojan:Win32/Caynamer.A!ml
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Win32.Application.PUPStudio.A
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
McAfee Artemis!A905E8EC7C21
TACHYON Clean
VBA32 BScope.Trojan.Wacatac
Malwarebytes PUP.Optional.ChinAd
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus AdWare.Win32.BlackMoon
eGambit Unsafe.AI_Score_99%
Fortinet W32/CoinMiner.ESFJ!tr
BitDefenderTheta Gen:NN.ZexaF.34790.fmLfaKFYKOeb
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
CrowdStrike win/malicious_confidence_70% (W)
MaxSecure Dropper.Dinwod.frindll
No IRMA results available.