Static | ZeroBOX

PE Compile Time

2021-07-31 10:20:56

PE Imphash

458d7355fbf070054838e3593829db8d

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00006757 | 0x00006200 | 4.44302279422 |
| .rdata | 0x00008000 | 0x0001ee91 | 0x0001ea00 | 7.74594933634 |
| .data | 0x00027000 | 0x00007d80 | 0x00006200 | 6.8861328301 |
| .rsrc | 0x0002f000 | 0x00000b2f | 0x00000600 | 3.05203309104 |
| .reloc | 0x00030000 | 0x00000c06 | 0x00000a00 | 5.71821828169 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x0002f060 | 0x000004b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |

Imports

Library USER32.dll:
0x10008030 TranslateMessage
0x10008038 FindWindowExA
Library WS2_32.dll:
0x10008040 accept
Library msvcrt.dll:
0x10008048 memset
Library ADVAPI32.dll:
0x10008004 RegOverridePredefKey
Library MPRAPI.dll:
0x10008020 MprInfoDelete
Library SHLWAPI.dll:
0x10008028 PathRemoveBlanksA
Library KERNEL32.dll:
0x1000800c GlobalSize
0x10008010 CloseHandle
0x10008014 GetModuleFileNameA
0x10008018 OutputDebugStringA

rrpokdmgnn``.dll
FnloderTrRppee
kernel32.Sleep
Dpperse.pdb
FindWindowExA
GetWindowThreadProcessId
TranslateMessage
USER32.dll
WS2_32.dll
memset
msvcrt.dll
AddUsersToEncryptedFile
RegOverridePredefKey
ADVAPI32.dll
MprInfoDelete
MPRAPI.dll
PathRemoveBlanksA
SHLWAPI.dll
GlobalSize
CloseHandle
GetModuleFileNameA
OutputDebugStringA
KERNEL32.dll
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
Thanks to Stig Bakken, Thies C. Arntzen, Andy Sautins, David Benson, Maxim Maletsky, Harald Radi, Antony Dovgal, Andi Gutmans, Wez Furlong, Christopher Jones, Oracle Corporation
CompanyName
The PHP Group
FileDescription
FileVersion
InternalName
HSY8_12B heunwssnr
LegalCopyright
Copyright
1997-2018 The PHP Group
LegalTrademarks
OriginalFilename
hsy_utu8_12u.dll
ProductName
ProductVersion
http://www.php.net
VarFileInfo
Translation
Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.8b8ec117d4cc2eb8
CAT-QuickHeal Clean
Qihoo-360 Clean
McAfee Artemis!8B8EC117D4CC
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Virus.Win32.Gen.ccmw
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Sophos ML/PE-A
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Drixed.cc
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Suspicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Program:Win32/Wacapew.C!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
BitDefenderTheta Gen:NN.ZedlaF.34050.lu8@auJk8Spi
ALYac Clean
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.80 (RDML:SPdj8aarMjSQ4/sr1gkJgg)
Yandex Clean
Ikarus Clean
eGambit Unsafe.AI_Score_99%
Fortinet Malicious_Behavior.SB
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
MaxSecure Clean
No IRMA results available.