Static | ZeroBOX

PE Compile Time

1970-01-01 09:00:00

PE Imphash

cb664df5fa904736e15ac44ff006d780

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00034f44 0x00035000 6.53171332725
.data 0x00036000 0x00000038 0x00000200 0.514199596014
.rdata 0x00037000 0x00002da8 0x00002e00 6.91825456902
/4 0x0003a000 0x00009014 0x00009200 4.46792609834
.bss 0x00044000 0x00000440 0x00000000 0.0
.idata 0x00045000 0x00000ea4 0x00001000 4.97535890805
.CRT 0x00046000 0x00000038 0x00000200 0.333499414248
.tls 0x00047000 0x00000008 0x00000200 0.0

Imports

Library KERNEL32.dll:
0x4452b4 GetCurrentProcess
0x4452b8 GetCurrentProcessId
0x4452bc GetCurrentThreadId
0x4452c0 GetTickCount
0x4452c8 TerminateProcess
0x4452d0 VirtualProtect
0x4452d4 VirtualQuery
Library msvcrt.dll:
0x4452dc __getmainargs
0x4452e0 __initenv
0x4452e4 __lconv_init
0x4452e8 __p__acmdln
0x4452ec __p__fmode
0x4452f0 __set_app_type
0x4452f4 __setusermatherr
0x4452f8 _amsg_exit
0x4452fc _cexit
0x445300 _fmode
0x445304 _fpreset
0x445308 _initterm
0x44530c _iob
0x445310 _onexit
0x445314 abort
0x445318 calloc
0x44531c exit
0x445320 fprintf
0x445324 free
0x445328 fwrite
0x44532c malloc
0x445330 memcmp
0x445334 memcpy
0x445338 memmove
0x44533c memset
0x445340 signal
0x445344 strlen
0x445348 strncmp
0x44534c vfprintf
Library WS2_32.dll:
0x445354 WSACleanup
0x445358 WSAGetLastError
0x44535c WSASocketW
0x445360 WSAStartup
0x445364 closesocket
0x445368 connect
0x44536c freeaddrinfo
0x445370 getaddrinfo
0x445374 ioctlsocket
0x445378 recv
0x44537c send
0x445380 setsockopt
0x445384 shutdown
Library ADVAPI32.dll:
0x44538c RegCloseKey
0x445390 RegEnumKeyExW
0x445394 RegOpenKeyExW
0x445398 RegQueryInfoKeyW
0x44539c RegQueryValueExW
Library CRYPT32.dll:
0x4453a4 CryptUnprotectData
Library GDI32.dll:
0x4453ac BitBlt
0x4453b0 CreateCompatibleDC
0x4453b4 CreateDIBSection
0x4453b8 DeleteObject
0x4453bc GetCurrentObject
0x4453c0 GetObjectW
0x4453c4 SelectObject
Library KERNEL32.dll:
0x4453cc CloseHandle
0x4453d0 CreateDirectoryW
0x4453d4 CreateFileW
0x4453d8 CreateProcessA
0x4453e4 DeviceIoControl
0x4453ec FindClose
0x4453f0 FindFirstFileW
0x4453f4 FindNextFileW
0x4453f8 FormatMessageW
0x4453fc GetComputerNameW
0x445400 GetConsoleMode
0x44540c GetLastError
0x445410 GetLocaleInfoW
0x445414 GetModuleFileNameW
0x445418 GetModuleHandleW
0x44541c GetProcAddress
0x445420 GetProcessHeap
0x445424 GetStartupInfoA
0x445428 GetStdHandle
0x44542c GetSystemInfo
0x445434 GetTempPathW
0x445444 HeapAlloc
0x445448 HeapFree
0x44544c HeapReAlloc
0x445458 LoadLibraryA
0x44545c LocalFree
0x445460 Process32First
0x445464 Process32Next
0x445468 ReadFile
0x44546c SetFilePointerEx
0x445474 SetLastError
0x44547c Sleep
0x445480 TlsAlloc
0x445484 TlsGetValue
0x445488 TlsSetValue
0x44548c WriteConsoleW
0x445490 WriteFile
Library USER32.dll:
0x445498 EnumDisplayDevicesW
0x44549c GetDC
0x4454a0 GetDesktopWindow
0x4454a8 GetSystemMetrics
0x4454ac GetWindowRect

!This program cannot be run in DOS mode.
P`.data
.rdata
0@.bss
.idata
Q ^_[]
tX<"t[<'t^<\uw
jWYj0_
D$PRQP
D$0RQP
j4XjdZ
X83r03z,
@<3r03z,
3Z 3r4
L$8uMj
D$4@pC
L$H;|$H
L$<+T$
D$4jHX
\$Hj[Z
L$Dj:Z
L$Dj:Z
T$P9\$
f;t$<s3
L$$j ^
t5kt$T4
tMkt$L
|$Tj _
XY94$u
T$<j Z
t9kt$`4
tSkt$X
D$ QSV
D$Xkt$`8
D$4;D$@uP
D$0;T$
VSjXP
D$Hj X
CShTwC
XY9|$0
XY9t$0u
D$`"D$
D$$!&@
D$$'(@
j#ZQRV
D$0kt$8
j,ZQRS
j.ZQRW
XPSj.XP
VWjXP
D$$9$@
j3^QVS
Qj4[SW
j)^QVR
D$$6OB
D$$0'@
XYj8Yj
Qj YQS
VWj XP
D$hkT$t$
t$0it$
D$<1D$
3t$83\$
3t$@3D$D
\$H3|$
L$$3L$,3L$4
L$(3D$
PQPWVS
<8\tcG
D$0;D$4t
\$x;\$tu
t$,;T$lut
JH;JDu$
3E(PWRQV
(s j@Y)
s j@Y)
MZuWVS
failed to fill whole buffercould not resolve to any addresses
b:m-8f
xW)0Jf
vJ?VBx
5WhJBYm
iJ-|i/#
kernel32.dll
InvalidLengthInvalidByte
FromUtf8Errorbytes
0x00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899[]
}}
./?\]_
)147:;=IJ]
)14:;EFIJ^de
)EIWde
INOWY^_
FGNOXZ\^~
no7=?BE
)14:EFIJNOde\
#%&(38:HJLPSUVXZ\^`cefksx}
invalid utf-8 sequence of bytes from index incomplete utf-8 byte sequence from index
Utf8Errorvalid_up_toerror_len
"SomeNone
Oscode
kindmessage
Custom
UnexpectedEofNotFoundPermissionDeniedConnectionRefusedConnectionResetConnectionAbortedNotConnectedAddrInUseAddrNotAvailableBrokenPipeAlreadyExistsWouldBlockInvalidInputInvalidDataTimedOutWriteZeroInterruptedOtherN
OS Error (FormatMessageW() returned invalid UTF-16) (FormatMessageW() returned error )formatter error
failed to write whole buffer:
invalid argument
..\\?\.\UNC\Windows stdio in console mode does not support writing non-UTF-8 byte sequences
\data provided contains a nul byteSleepConditionVariableSRWkernel32ReleaseSRWLockExclusiveAcquireSRWLockExclusive
fatal runtime error:
assertion failed: key != 0WakeConditionVariable
invalid socket addressinvalid port valuestrings passed to WinAPI cannot contain NULsinvalid utf-8: corrupt contentsinvalid utf-8stream did not contain valid UTF-8
(os error other os erroroperation interruptedwrite zerotimed outinvalid datainvalid input parameteroperation would blockentity already existsbroken pipeaddress not availableaddress in usenot connectedconnection abortedconnection resetconnection refusedpermission deniedentity not foundunexpected end of fileGetSystemTimePreciseAsFileTime
memory allocation of bytes failed
Unknown error
_matherr(): %s in %s(%g, %g) (retval=%g)
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
The result is too small to be represented (UNDERFLOW)
Total loss of significance (TLOSS)
Partial loss of significance (PLOSS)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_onexit
calloc
fprintf
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf
WSACleanup
WSAGetLastError
WSASocketW
WSAStartup
closesocket
connect
freeaddrinfo
getaddrinfo
ioctlsocket
setsockopt
shutdown
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
CryptUnprotectData
BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteObject
GetCurrentObject
GetObjectW
SelectObject
CloseHandle
CreateDirectoryW
CreateFileW
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetComputerNameW
GetConsoleMode
GetEnvironmentVariableW
GetFileInformationByHandle
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTimeZoneInformation
GetUserDefaultLocaleName
GlobalMemoryStatusEx
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
Process32First
Process32Next
ReadFile
SetFilePointerEx
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
WriteConsoleW
WriteFile
EnumDisplayDevicesW
GetDesktopWindow
GetKeyboardLayoutList
GetSystemMetrics
GetWindowRect
KERNEL32.dll
msvcrt.dll
WS2_32.dll
ADVAPI32.dll
CRYPT32.dll
GDI32.dll
KERNEL32.dll
USER32.dll
.eh_frame
jjjjjjj
jjjjjjj
jjjjjjj
NTDLL.DLL
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Zudochka.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Doina.7190
CMC Clean
CAT-QuickHeal Trojan.Zudochka
McAfee GenericRXMH-DA!270C38595915
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0001555e1 )
BitDefender Gen:Variant.Doina.7190
K7GW Trojan ( 0001555e1 )
Cybereason malicious.959159
Baidu Clean
Cyren W32/Agent.CFX.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/Agent.UKB
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.FickerStealer-9805476-1
Kaspersky HEUR:Trojan.Win32.Zudochka.vho
Alibaba TrojanDownloader:Win32/Stealer.e3f3d02c
NANO-Antivirus Trojan.Win32.Ficker.iqqcxe
ViRobot Trojan.Win32.Z.Zudochka.272910
Tencent Win32.Trojan.Malware.Hooq
Ad-Aware Gen:Variant.Doina.7190
Emsisoft Trojan.Agent (A)
Comodo Malware@#23yxbayqoakan
F-Secure Clean
DrWeb Trojan.PWS.Stealer.29929
Zillya Trojan.Agent.Win32.2176835
TrendMicro TrojanSpy.Win32.FICKERSTEALER.SMTH.hp
McAfee-GW-Edition BehavesLike.Win32.Injector.dh
FireEye Generic.mg.270c385959159964
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Doina.7190
Jiangmin Trojan.PSW.Ficker.ej
MaxSecure Trojan.Malware.74718315.susgen
Avira TR/Agent.bjchm
MAX malware (ai score=100)
Antiy-AVL Trojan/Generic.ASMalwS.3374A20
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Doina.D1C16
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Ransom:Win32/Zudochka
Cynet Malicious (score: 100)
AhnLab-V3 Infostealer/Win.FickerStealer.R352614
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.34790.qGX@aOESqXf
ALYac Trojan.PSW.Ficker
TACHYON Clean
VBA32 BScope.Trojan.Zudochka
Malwarebytes Spyware.FickerStealer
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TrojanSpy.Win32.FICKERSTEALER.SMTH.hp
Rising Clean
Yandex Trojan.Zudochka!822ndTsjxTI
Ikarus Trojan-Spy.FickerStealer
eGambit Unsafe.AI_Score_99%
Fortinet W32/Agent.UKB!tr
Webroot W32.Trojan.Ficker
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Ransom.Zudochka.HgIASWUA
No IRMA results available.