Static | ZeroBOX

PE Compile Time

2021-07-14 22:25:32

PDB Path

Gpernfedeefe.pdb

PE Imphash

e92132005097daafddd51d9c4d138d88

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00013a7c 0x00014000 7.86430189325
.rdata 0x00015000 0x000009d8 0x00001000 3.57945035269
.data 0x00016000 0x0001190c 0x00011000 7.84157300496
.rsrc 0x00028000 0x00000420 0x00001000 1.09655664129
.reloc 0x00029000 0x00000118 0x00001000 0.674647982048

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00028060 0x000003bc LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library ESENT.dll:
0x10015010 JetSeek
Library MPRAPI.dll:
0x1001507c MprInfoBlockRemove
Library GDI32.dll:
0x10015018 GetRgnBox
0x1001501c Rectangle
0x10015020 GetTextExtentPointA
0x10015024 GetDeviceGammaRamp
Library WINSPOOL.DRV:
Library ole32.dll:
0x100150fc HPALETTE_UserFree
Library KERNEL32.dll:
0x10015034 CloseHandle
0x10015038 OutputDebugStringA
0x1001503c FindFirstVolumeW
0x10015040 CreateProcessA
0x10015044 IsValidLanguageGroup
0x1001504c LoadLibraryA
0x10015050 GetCurrentThread
0x10015054 LocalSize
0x10015058 GetTempFileNameA
0x1001505c GetCommTimeouts
0x10015060 GetTimeFormatW
0x10015064 lstrcatA
0x10015068 IsDebuggerPresent
0x1001506c GetModuleHandleA
0x10015070 GetProcAddress
Library msvcrt.dll:
0x100150f0 ungetwc
0x100150f4 feof
Library IPHLPAPI.DLL:
0x1001502c FlushIpNetTable
Library OLEAUT32.dll:
0x10015084 SysStringByteLen
0x10015088 VarI4FromDate
Library SHLWAPI.dll:
0x100150a0 StrCSpnIW
Library pdh.dll:
0x10015104 PdhEnumObjectsW
Library mscms.dll:
0x100150e8 GetColorProfileElement
Library WININET.dll:
0x100150d0 InternetCrackUrlA
Library USER32.dll:
0x100150a8 GetClassInfoExW
0x100150ac GetScrollRange
0x100150b4 GetMenu
0x100150b8 DefDlgProcW
0x100150bc GetRawInputDeviceInfoW
0x100150c0 GrayStringW
0x100150c4 GetMenuState
0x100150c8 GetShellWindow
Library ADVAPI32.dll:
0x10015000 LookupPrivilegeValueA
0x10015004 LogonUserA
0x10015008 GetServiceDisplayNameW
Library WINMM.dll:
0x100150d8 mixerSetControlDetails
Library SETUPAPI.dll:
0x10015094 SetupDiInstallClassExA
0x10015098 SetupDiGetClassDevsExW

Exports

Ordinal Address Name
1 0x1001525e DoorrledFgppr

Strings

!This program cannot be run in DOS mode.
Self ex
testapp.exe
Dormittjd.dll
DoorrledFgppr
kernel32.Sleep
Gpernfedeefe.pdb
JetSeek
ESENT.dll
MprInfoBlockRemove
MPRAPI.dll
GetTextExtentPointA
GetDeviceGammaRamp
GetRgnBox
Rectangle
GDI32.dll
FindClosePrinterChangeNotification
WINSPOOL.DRV
HPALETTE_UserFree
ole32.dll
LoadLibraryA
CloseHandle
OutputDebugStringA
FindFirstVolumeW
CreateProcessA
IsValidLanguageGroup
WritePrivateProfileStructW
GetLargestConsoleWindowSize
GetCurrentThread
LocalSize
GetTempFileNameA
GetCommTimeouts
GetTimeFormatW
lstrcatA
IsDebuggerPresent
GetModuleHandleA
GetProcAddress
KERNEL32.dll
ungetwc
msvcrt.dll
FlushIpNetTable
IPHLPAPI.DLL
OLEAUT32.dll
StrCSpnIW
SHLWAPI.dll
PdhEnumObjectsW
pdh.dll
GetColorProfileElement
mscms.dll
InternetCrackUrlA
WININET.dll
DefDlgProcW
GetRawInputDeviceInfoW
GrayStringW
GetMenuState
GetShellWindow
GetMenu
MsgWaitForMultipleObjects
GetScrollRange
GetClassInfoExW
USER32.dll
GetServiceDisplayNameW
LookupPrivilegeValueA
LogonUserA
ADVAPI32.dll
mixerSetControlDetails
WINMM.dll
SetupDiGetClassDevsExW
SetupDiGetDeviceInterfaceDetailA
SetupDiInstallClassExA
SETUPAPI.dll
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
CompanyName: Citrix Systems, Inc.
FileDescription: Credentials
FileVersion: 8.68.5.00000
InternalName: Dihzehtreof.resources.dll
LegalCopyright: Copyright 1990-2017 Citrix Systems, Inc. All rights reserved.
OriginalFilename: Dihzehtreof.resources.dll
ProductName: Dihzeh Reofqehs
ProductVersion: 8.68.5.00000
Assembly Version: 4.12.0.18013

Antivirus Signature

Bkav W32.AIDetect.malware2
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
CMC Clean
CAT-QuickHeal Clean
McAfee RDN/Generic.grp
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00549d461 )
BitDefender Clean
K7GW Trojan ( 00549d461 )
Cybereason malicious.990cab
Baidu Clean
Cyren Clean
Symantec Packed.Generic.553
ESET-NOD32 Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/EmotetedCryptc.180910
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
FireEye Generic.mg.a3cdbeb1d41c114b
Sophos Mal/Generic-R + Mal/EncPk-APX
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Microsoft Trojan:Win32/Wacatac.B!ml
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Win32.Trojan-Downloader.Dridex.KL4SGZ
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
VBA32 Clean
ALYac Clean
TACHYON Clean
Malwarebytes MachineLearning/Anomalous.100%
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H07GE21
Rising Trojan.Generic@ML.96 (RDML:l5aafO39/g+AuDoZEbzzdw)
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
BitDefenderTheta Gen:NN.ZexaF.34796.ku0@ambSgrf
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Clean
No IRMA results available.