popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-07-28 22:38:03

PE Imphash

458d7355fbf070054838e3593829db8d

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00006298 0x00006200 4.41046960153
.rdata 0x00008000 0x0001e810 0x0001ea00 7.74601030435
.data 0x00027000 0x00007f4a 0x00006200 6.8861328301
.rsrc 0x0002f000 0x00000bbe 0x00000600 3.05203309104
.reloc 0x00030000 0x00000900 0x00000a00 5.71821828169

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002f060 0x000004b4 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library USER32.dll:
0x10008030 TranslateMessage
0x10008038 FindWindowExA
Library WS2_32.dll:
0x10008040 accept
Library msvcrt.dll:
0x10008048 memset
Library ADVAPI32.dll:
0x10008004 RegOverridePredefKey
Library MPRAPI.dll:
0x10008020 MprInfoDelete
Library SHLWAPI.dll:
0x10008028 PathRemoveBlanksA
Library KERNEL32.dll:
0x1000800c GlobalSize
0x10008010 CloseHandle
0x10008014 GetModuleFileNameA
0x10008018 OutputDebugStringA
`.rdata
@.data
@.reloc
D$>f+D$>f
fiD$>Jsf
D$w"D$w
T$\+D$l9
T$4fit$
D$<KFRc
D$x#D$x
D$x#D$x
D$x9L$8
T$w"T$w
D$w"D$w
f+T$|f
T$(*L$w
L$\3L$`
L$$+D$H)
D$72D$7
L$ =PE
D$_2D$_
\$_"\$_
D$x9t$\
QYH*E,j
IE|<m9;G3
R+x/LO
39X])=
p9X] =
f^B"!b9
z/}_PO
_TG){Q
|m|O\P
m/._=
p^1YFd>
3DOd78
m;.+1
p\K|HA
|m<OtO
}CMO,\
|3DOd7D~
d,LO,\
ZP.)vt
+QYGd>
|3DO\7TP
p^!YM1
4,LODu,Y<C
z3T;Q7P
p=IYG(
|&tO\O
X=.)w9+7
XX6dZ?5
|3DO\7
e9/0t6
?M2}LP.)Zp
|3DOh7t6
|3DOP7t3
|3DOp7
|3DO|7
Om#FKuD
kmp~yd
|m|O0O
fGaYFd>
|1<OPN
*+)4a?
mW.;1
3DOT7t2
+LODu,Yt
IE|<3y
opW*i
+y+LO,
|3DOx7
3DO`7\
J9XQ)=
QtLO(T
Hcj;}&
|1DOP7$
|3DO\7<
6"!*}&
|3DOP7$
KC*ZU`p
|3DOP7
Pzy#&p
q5LOM
*|+LO,
qGSYN,
1LOP7\
?kGY;iM
3DOP7<
KGZzeb
UG)c2k=
`.tjM^>
1LOP7L
tX6ddd4
t=IzZo
&No8]
t=IzZo
E2Q8-O
|3DOP7
kUG)x2
3DO`7|
{&tOTO
|3DOP7
{*M^#8
|3DO`7
>]0[Alz
F,H0#N
gokQM6
UG(zRw
n3DOP7
{3DOP7$
sQp~yd(#+L
d0^+L:
kdE;Psy
Y^;t3K#_a
|3DOP7
1iO7l*I
{/p\j[
|3DOx7
R]2WAnL
{[@*KN
|3DOP7
-LO*\
Ut(~2k=
VjF<OZ
NjZj]]H
\<[o"M
MK#]cHv
{3DO\7
;|zlZ
"c/ Q5
0G^Yfd>
AN4S_k
bNgbDt
I"3,}&
a1<O`N
]Q^"!b
lOP7$;
9>87s|
|3DOl7
UYF*BB~G
Dk/$>5
V4Q8-K
}vvsX=
=UzLbP
UP(}2}T
zp2Dn
/C?7c*
&9AlT"
[us*ut
VoG(sV
iF,4Ak
iQNc>d
qj>14r@
?L?wt
V9B_WjG
5{.dO-
D? =d4I
n-FQB:
?!p4qt
7mtlc
|pcNl]\
z1z3<Z
3sv:0=4
O",G:nOI,
/v3*E.
0MQ\FU
T46@lgz2O
,kxC56
IF!L4k
Ekh:N6
ZF1UEk
Ufk_:w6
4X["S
pGIaF@
pCIPFE
p6IPFG
pAIcF<
p:IWFK
p4ISF<
pEIXF>
p7IdF:
pazazm.
Q?uE7T
resting,rKgbeenusers
rageGR
rab70AT2015
RcanzshowedslaunchedpepperBV
rnBpost42charlesboomerinRhrome
WfilesRhromeaRinux,
rakeimmediatelyexprrimental
xDpOiuurerF
drvelopers,insteadg4,7
February4Cmouse-rlirking2onlyAwn
rIRctoberPthe
Adblockfeaturesf36%u4BKA
YamericaQRQQrocket
jOtherinD
mconstraintYsupport
9summer1ChromeAThisprofessorshortcuts
browserunderFebruarymtestb
neJCK9Service
withhZh
BEconomicmodetypes
Originally,accordingis6requestsfrom,V
744siteslW3C,
tttt32
rrpokdmgnn``.dll
FnloderTrRppee
kernel32.Sleep
Dpperse.pdb
FindWindowExA
GetWindowThreadProcessId
TranslateMessage
USER32.dll
WS2_32.dll
memset
msvcrt.dll
AddUsersToEncryptedFile
RegOverridePredefKey
ADVAPI32.dll
MprInfoDelete
MPRAPI.dll
PathRemoveBlanksA
SHLWAPI.dll
GlobalSize
CloseHandle
GetModuleFileNameA
OutputDebugStringA
KERNEL32.dll
"Zl`jm*
iW=kXD
\hW=kcva SWT
,af7UbR+'
Rh"<w#Q
x:n^ub
Iwx%GA
BiftT
`JKK z^
aC`JGH;
pRnUs:
i7UbJg
y'`J/H
*q5AFE
+KT~o4*
Ru5i>Z
LHiCXs
xl^Q?ud
z/M34A
>l=CKqg
CqCKqg
qd80W7
4 4$4(4,40444<4@4D4H4L4P4T4X4\4`4d4h4l4
5,5054585<5@5D5H5L5P5T5X5
6`6t6x6|6
7L7P7T7X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888<8@8D8H8L8P8T8X8\8
9 9$9(9,9094989@9D9H9L9P9T9X9\9`9d9h9l9p9
:0:4:8:<:@:D:H:L:P:T:X:\:
;d;x;|;
<P<T<X<\<`<d<h<l<p<t<x<|<
=$=(=,=0=4=8=<=@=D=H=L=P=T=X=\=`=
> >$>(>,>0>4>8><>D>H>L>P>T>X>\>`>d>h>l>p>t>
?4?8?<?@?D?H?L?P?T?X?\?`?
0 0h0|0
1T1X1\1`1d1h1l1p1t1x1|1
2(2,2024282<2@2D2H2L2P2T2X2\2`2d2
3 3$3(3,3034383<3@3H3L3P3T3X3\3`3d3h3l3p3t3x3
484<4@4D4H4L4P4T4X4\4`4d4
5 5$5l5
6X6\6`6d6h6l6p6t6x6|6
7,7074787<7@7D7H7L7P7T7X7\7`7d7h7
8 8$8(8,8084888<8@8D8L8P8T8X8\8`8d8h8l8p8t8x8|8
9<9@9D9H9L9P9T9X9\9`9d9h9
: :$:(:p:
;\;`;d;h;l;p;t;x;|;
<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<l<
= =$=(=,=0=4=8=<=@=D=H=P=T=X=\=`=d=h=l=p=t=x=|=
>@>D>H>L>P>T>X>\>`>d>h>l>
? ?$?(?,?t?
0`0d0h0l0p0t0x0|0
0 14181<1@1D1H1L1P1T1X1\1`1d1h1l1p1
eszfirstCand7Unique9
HVPIDZ
backgrourd.there1M518fire
srored.AbrendigitaluPkWindowsaY
nrooglefurkmetheafterYJ
roolbar,usrrs333333Aracebook,cmost
Tqandapollophased7DrhromejF
vrrsionpDExrlorerincludedGrogleWE
thatPnew
iallowslater.8F
beitrhrrmeThewithone8tabletsa3.0
HKofmrximumk3
vSilverright18,capabilitiespopularitywinWindowsTheiloveyou
fortoFothrrdFlashshare.30UinstanceChrrme
rebsitestheU5launch
the4arto-uprate.190ashithead2iHK2
jthatP
,srsrem.192E6r66r6prrcersesZrerurity
verrroneither.1r3n
w2jcrnnrcteddwithw3,once
marrer84Ofthem.29
YfrrmatFT
1919urtilHinOnsrcrrtadW
mderoding.150slryerkwith4on1
sYarcessLRAYaThe
f6TSertemberLmNoRA
YrsthaveGoorretechrologierSruirrelrishHe193jz
ZthatA
untilLW7
sjusrinYafterx1A
markGrorleZlogsa
rrromecorelease.30r
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
Thanks to Stig Bakken, Thies C. Arntzen, Andy Sautins, David Benson, Maxim Maletsky, Harald Radi, Antony Dovgal, Andi Gutmans, Wez Furlong, Christopher Jones, Oracle Corporation
CompanyName
The PHP Group
FileDescription
FileVersion
InternalName
HSY8_12B heunwssnr
LegalCopyright
Copyright
1997-2018 The PHP Group
LegalTrademarks
OriginalFilename
hsy_utu8_12u.dll
ProductName
ProductVersion
http://www.php.net
VarFileInfo
Translation
No antivirus signatures available.
No IRMA results available.