Static | ZeroBOX

PE Compile Time

2021-08-04 18:52:27

PE Imphash

d8dda11e9d039cb0a1c2e717bdda6d64

PEiD Signatures

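Armadillo v1.71 (signature match only; this PEiD signature commonly also matches ordinary Microsoft Visual C++ output, so it does not by itself show the file is packed)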

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00003e52 0x00004000 5.70110334191
.rdata 0x00005000 0x00000eca 0x00001000 4.30021210557
.data 0x00006000 0x000004e4 0x00000400 5.19718317258
.rsrc 0x00007000 0x000005c0 0x00000600 3.73974759713
.reloc 0x00008000 0x00000354 0x00000400 5.93943986187

Resources

Name Offset Size Language Sub-language File type
RT_MENU 0x000071b0 0x0000004a LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00007210 0x00000120 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00007210 0x00000120 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00007410 0x0000002c LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x00007200 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x00007440 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library MSVCRT.dll:
0x405048 _controlfp
0x40504c memcpy
0x405050 _CxxThrowException
0x405054 _except_handler3
0x405058 __set_app_type
0x40505c __p__fmode
0x405060 __p__commode
0x405064 _adjust_fdiv
0x405068 __setusermatherr
0x40506c _initterm
0x405070 __wgetmainargs
0x405074 _wcmdln
0x405078 exit
0x40507c _XcptFilter
0x405080 _exit
0x405088 ??3@YAXPAX@Z
0x40508c memset
0x405090 wcstol
0x405094 ??2@YAPAXI@Z
0x405098 memmove
Library dbghelp.dll:
0x405118 MiniDumpWriteDump
Library KERNEL32.dll:
0x405008 GetFileSize
0x40500c VirtualProtect
0x405010 GetCurrentProcess
0x405014 GetStartupInfoW
0x405018 GetModuleHandleW
0x40501c GetCurrentProcessId
0x405020 ReadFile
0x405024 CloseHandle
0x405028 CreateFileW
0x40502c SetFilePointer
0x405030 WriteFile
Library USER32.dll:
0x4050a0 LoadCursorW
0x4050a4 LoadIconW
0x4050a8 TranslateMessage
0x4050b0 GrayStringA
0x4050b4 SendDlgItemMessageW
0x4050b8 DispatchMessageW
0x4050bc ShowWindow
0x4050c0 LoadStringW
0x4050c4 LoadAcceleratorsW
0x4050c8 RegisterClassExW
0x4050cc MessageBeep
0x4050d0 SetWindowTextW
0x4050d4 EndDialog
0x4050d8 SendMessageW
0x4050dc CreateWindowExW
0x4050e0 MessageBoxW
0x4050e4 GetDC
0x4050e8 DestroyWindow
0x4050ec DefWindowProcW
0x4050f0 GetMessageW
0x4050f4 GetWindowLongW
0x4050f8 GetDlgItem
0x4050fc PostQuitMessage
0x405100 DialogBoxParamW
0x405104 UpdateWindow
0x405108 EndPaint
0x40510c GetWindowTextW
0x405110 BeginPaint
Library COMDLG32.dll:
0x405000 GetOpenFileNameW
Library MSVCP140.dll:

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
jdh(c@
Unknown exception
vector<T> too long
string too long
invalid string position
.text$mn
.text$x
.idata$5
.rdata
.rdata$r
.rdata$zzzdbg
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIZ
.data$r
.rsrc$01
.rsrc$02
memmove
wcstol
??2@YAPAXI@Z
??3@YAXPAX@Z
MSVCRT.dll
??1type_info@@UAE@XZ
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
MiniDumpWriteDump
dbghelp.dll
ReadFile
VirtualProtect
GetCurrentProcess
WriteFile
SetFilePointer
CreateFileW
CloseHandle
GetFileSize
GetCurrentProcessId
GetModuleHandleW
GetStartupInfoW
KERNEL32.dll
GetWindowTextW
EndPaint
BeginPaint
UpdateWindow
DialogBoxParamW
PostQuitMessage
GetDlgItem
LoadCursorW
LoadIconW
TranslateMessage
TranslateAcceleratorW
GrayStringA
SendDlgItemMessageW
DispatchMessageW
ShowWindow
LoadStringW
LoadAcceleratorsW
RegisterClassExW
MessageBeep
SetWindowTextW
EndDialog
SendMessageW
CreateWindowExW
MessageBoxW
DestroyWindow
DefWindowProcW
GetMessageW
GetWindowLongW
USER32.dll
GetOpenFileNameW
COMDLG32.dll
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
MSVCP140.dll
_CxxThrowException
memcpy
memset
.?AVtype_info@@
.PAVexception@std@@
.?AVexception@std@@
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
"0'0M0T0[0b0h0p0v0}0
0G1m1}1
6,767H7q7
99+9;9A9W9a9h9
:':7:O:[:h:w:
; ;*;1;9;L;Q;Y;^;h;o;x;
<<0<7<<<C<Z<
>%>7>J>d>k>
?)?0?6?=?M?`?z?
0 0B0g0
232=2U2p2t2x2|2
3+303A3F3W3\3m3r3
44'4R4
7%7H7X7{7
9.959@9{9
;6;I<_<
23+3V3
44J4m4
5A5c5o5
6:6]6F8
1$1,101|3
4 484<4P4
6<6D6P6t6|6
7(747T7`7h7
888@8\8
^D4^s<#
Q/ljiU{E
PAI4yI}?
!G~Wf%
!Oo_Am
(O5:5@
PaG+;`r
$>(%Br?5t?X
RUn\Sa,u
O>:3BQ
I0#Eo5Q
knWHW.
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
`?v_${&
D#ZmtbY
C"byb2
U@fAHs58v
<LZ*!]T
H}7&o/
r$SG[9
eR.y<LZ
[msiI>F
;npI9|@"
OQ8ubuaf
N?Z?12
1_$PMeE
3:N?v&H
vcPxx~bd#
f>~qhI
gZ36~qh6c~Y
jzw_`M
2}}aj0
'n+|Md
!5)Of
}"^Td6v6^
qhI>?)U
,3l8*VDe
Ka70Wr
pWk^r*
a2{=ZK
w5rzUs
YB#c{o
gM9jg[
s.uWPg
HILnhT0
*`FyXr
-rmdH8
{,HEL,
"v#aY.
;VPVc]G
!~lNvv3
C_s9WD
MQ#6@inr0
B&`?v\
`1kWG
`oOEkm
'SL;C`^5
wah_+h
SiX wP
5@u"'
`s1G`S
'Zb"<w
swy!}T
U1s7jy
4vdBqR
,3l8*VD
m?*6UU
LQVw*&O
yq\\G)
QE^aok
|=40o/
$I@`u
![ZaiE6
Sx085[p6
$?el\
#/..eb
Nyw_`q
`q3g@`BN
Bh#)t\
bWH1Ap
3hE';>
y/?WM`
|=40o/
kr'00
tpbF+OV
+hKmhk
_g-g21hI
D'L=g'
R,OXf&
0aRVn~
Vof`kR
-Z\8."
$4=[sM
{7D_{2M
^7q!Ihb
Zj$/|w_
3jMf}M
\s4NgHKk
${&RbC
_CeL=_
C`JXCh
YqB:n~
oWkNj
(D_Afg
~sOm,-
WkaIWb
(f9Oj-
QDpSNG
y>ZBqhW<3
M=,Nse
`L:~X
V%~5[L6
S$Ue[sMjC
}(#`kF
0%6neGX
pWFx'kV
VF0aSa
*'d9LY
9-KaZ))
^:58b0
:5Jb0-
Q2WpFbDkR
g>nn(E
Murr-K}1
_.Z/+R
9/CtK7
P*13gv;
[vsE`Lo
V>{B]'
_`MuF,
awSBQe
UFs7L9
69`"D}
h0Da^N
C@w]Fv!
UsWk~8
!9/{Ikm
8sXY$0
HmC|G2P
ea|<D{
)76ec`
|pWrXR
O9Hrx
3pMeLM
&d3>}X
D(k.oKi4b
v?(Av5zH`
yDRSwX
.9^5&o
X++5K-
UWk^89K
L.rkU|j
>`?coj
i5Yc[!3
c^&hT6V=D
v/2/${
+t7vkp
,jOI5s
AyW:!'
7p\x}S
!!Z)7U;
|YtdeG
r+_wY.
sJ|`B9BU^
^_FU3+
g+e%#(~i
fvr'Mx
8fO`k:)
_h<iLN
i~<vYJ
ApnIUJkb
+Fn|]M,_
W^(jT+
z4d0bZ
Yx7/4_
}G9/CQ
cM}4VS
;}T0W
qKF,Ea
_s)7Wo
jG|^K`
~lJ$U*
LiY.eb
/O}T^a
}Lm[b(
-K}<BC
qbouOCa
w/NrkaY
w/NCka^
w/NCka^
w/Nwka
qJouOCa
IP_oXN
m4BH3F
FXkGR8
SSLr'U
kx{,H!\
]IMz8t
at5_K(
#WQM;/
z~/H%gJ
Nyw_`qkgZ^
@!,8:7
JsuvzG
'Zb"<w
=)n>#+
U_gHKG
F,eZB[r
4qEXR8
TwWzjn
&$Yzs@H
/J*I!>
g7 oB+=W<
!qbH9a
pHybxTB
hYEqc
%4,#p(\
dH|D>*
Q?t=6b
v9/CS(
=8y' U
X`~)$edag
.g&AAz
|F:UX:#
7@r\p"`
<ts&>M
@y|X>z
cSkb#Hk\
ObIsx
>Y~O!r
WG9%(b
5|.2P(
ykmn(<
P4uk/"
(A4z,]
KgAUMo
KTKg/S(
\m@W C
nncZof
hk}lvy
3"`)eT
jTa_mhX
\}XO"&7L
)H1@b/
_H9s6S
875i
kw~97[
0AypG_%
N.oc`zv^T[
@{p)oK
+J4==P
ghd2eP
b#_WupE
[}ZLSL
K\\Zq'i
,|/PVg
`N1g;A
YI';=I
~DsU}~.2
Z#rLdG8
Lzw^xP
%W!b4>,
m7G.J5
<8>__-
aJL\XSA
4tcgN-tY
\Fl #{
%\[WHU
0+cxBf
0b@V,o
,rMcg5
2Ngc9!
RfB<+Ru
C{R9^
:-2A r
me0Ne?ng
TL\VT,
hf";z_@
tD/BH2A
4t&\<b|
d/IW4K
@lA5w!
D#7DUT
RT&._:
:o]ejm
k#tA^#
<kh$8/
0E`JI"8<d
P\Nov]
;"!:v[
CW<zKBLlj
n31rQ|0
IEXIKm9y
cbq`}n)
5("Q%6
)<.Icn
=}.B0 D
4=)iDP
)#,s6n(
XT-B(Q
=ox^/'
0fi<8
Fiqp2_
znn[^0
b~@c-h
`?v_${&
`?v_${&
gcLem&
GS2m;?
Nt>hbY[
tJ}`s5Re
a8A;k7O^
s})\"@
8uFK[}
zzRn
q@L[5k!
rI<F+-~
a!+HK_
M4%21?1
_[H!BY
xI(Tp5
yX0&vc
fH .Gz
?YkxTI
DJ6e"r
B:6{6T
&X(`!gq
"K9L>Z
%XTm+_,K
|WMV{K
T_eXgi
ImkBc~
NMMov3
`.0\?$$
L^*f>3M
t;|x40n?%mJ0M
:.$`f1s4
^0uo+0
VC3FV4
T+^lD0
-$fEvFD
6Jpv.y
k^a,9/
H^i3Zr
gkw!!v
"P-I`^*
)xfq7z
7Yh~CI
_mYW8y
[uwd%+l
cX{4pV'
0Z6SleY
?_RG4X
zS#pjK
P{5nj4
YdfRQI*M
@4Qn~
FeattZ
gAXdQ
G>$J(W
4e]vkh
RHH;N\
4j$J_\
NS_n6q
!hPq\@
r$KLpM
Z3bz{P
3{Caj2
'#Vj_s>
^v}pfO
td+'VS
`3%]'-
B~q2|At
QWXNQ"
b7bcX4
@jjjjj
Binary
button
Choose File
BUTTON
Write to file
BUTTON
Read from file
BUTTON
BUTTON
Open File
File open error
Can't open file explorer
C:\Users\Gleb\Desktop\hex_dump.txt
Out Buffer
iE&xit
h&About ...
About pr2
MS Shell Dlg
pr2, Version 1.0
Copyright (c) 2021
Dialog
MS Shell Dlg
Cancel
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Noon.l!c
Elastic malicious (high confidence)
DrWeb Trojan.Siggen14.54397
MicroWorld-eScan Clean
FireEye Generic.mg.58a63044fe092b8c
CAT-QuickHeal Clean
Qihoo-360 HEUR/QVM07.1.0ADB.Malware.Gen
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
CrowdStrike win/malicious_confidence_80% (W)
Arcabit Clean
BitDefenderTheta Gen:NN.ZexaF.34058.puZ@aOpGyBoi
Cyren W32/Injector.AKG.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HLYM
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:Trojan-Spy.Win32.Noon.gen
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Avast FileRepMalware
Rising Trojan.Kryptik!1.D84E (CLASSIC)
Ad-Aware Clean
Sophos Mal/Generic-R
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Emotet.dc
CMC Clean
Emsisoft Clean
SentinelOne Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Microsoft Program:Win32/Wacapew.C!ml
ViRobot Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!58A63044FE09
TACHYON Clean
VBA32 BScope.Trojan-Dropper.Injector
Malwarebytes Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet W32/GenKryptik.FIIH!tr
AVG FileRepMalware
Cybereason Clean
Panda Clean
MaxSecure Clean
No IRMA results available.