Static | ZeroBOX

PE Compile Time

2018-02-02 04:43:24

PE Imphash

7182b1ea6f92adbf459a2c65d8d4dd9e

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.code   0x00001000       0x00005a99    0x00005c00        5.47130091723
.text   0x00007000       0x000102c5    0x00010400        6.33395190306
.rdata  0x00018000       0x00004b2d    0x00004c00        6.6620733176
.pdata  0x0001d000       0x000010c8    0x00001200        4.88380909719
.data   0x0001f000       0x00002318    0x00001600        4.29949698722
.rsrc   0x00022000       0x0000b048    0x0000b200        7.98482670239

Resources

Name         Offset      Size        Language      Sub-language     File type
RT_RCDATA    0x0002cddc  0x00000001  LANG_NEUTRAL  SUBLANG_NEUTRAL  very short file (no magic)
RT_RCDATA    0x0002cddc  0x00000001  LANG_NEUTRAL  SUBLANG_NEUTRAL  very short file (no magic)
RT_RCDATA    0x0002cddc  0x00000001  LANG_NEUTRAL  SUBLANG_NEUTRAL  very short file (no magic)
RT_RCDATA    0x0002cddc  0x00000001  LANG_NEUTRAL  SUBLANG_NEUTRAL  very short file (no magic)
RT_MANIFEST  0x0002cde0  0x00000267  LANG_NEUTRAL  SUBLANG_NEUTRAL  XML 1.0 document, ASCII text

Imports

Library msvcrt.dll:
0x14001f6a8 memset
0x14001f6b0 wcsncmp
0x14001f6b8 memmove
0x14001f6c0 wcsncpy
0x14001f6c8 wcsstr
0x14001f6d0 _wcsnicmp
0x14001f6d8 _wcsdup
0x14001f6e0 free
0x14001f6e8 _wcsicmp
0x14001f6f0 wcslen
0x14001f6f8 wcscpy
0x14001f700 wcscmp
0x14001f708 memcpy
0x14001f710 tolower
0x14001f718 wcscat
0x14001f720 malloc
Library KERNEL32.dll:
0x14001f730 GetModuleHandleW
0x14001f738 HeapCreate
0x14001f740 GetStdHandle
0x14001f748 HeapDestroy
0x14001f750 ExitProcess
0x14001f758 WriteFile
0x14001f760 GetTempFileNameW
0x14001f768 LoadLibraryExW
0x14001f770 EnumResourceTypesW
0x14001f778 FreeLibrary
0x14001f780 RemoveDirectoryW
0x14001f788 GetExitCodeProcess
0x14001f790 EnumResourceNamesW
0x14001f798 GetCommandLineW
0x14001f7a0 LoadResource
0x14001f7a8 SizeofResource
0x14001f7b0 FreeResource
0x14001f7b8 FindResourceW
0x14001f7c0 GetShortPathNameW
0x14001f7c8 GetSystemDirectoryW
0x14001f7d0 EnterCriticalSection
0x14001f7d8 CloseHandle
0x14001f7e0 LeaveCriticalSection
0x14001f7f0 WaitForSingleObject
0x14001f7f8 TerminateThread
0x14001f800 CreateThread
0x14001f808 Sleep
0x14001f810 WideCharToMultiByte
0x14001f818 HeapAlloc
0x14001f820 HeapFree
0x14001f828 LoadLibraryW
0x14001f830 GetProcAddress
0x14001f838 GetCurrentProcessId
0x14001f840 GetCurrentThreadId
0x14001f848 GetModuleFileNameW
0x14001f850 GetEnvironmentVariableW
0x14001f858 SetEnvironmentVariableW
0x14001f860 GetCurrentProcess
0x14001f868 TerminateProcess
0x14001f870 RtlLookupFunctionEntry
0x14001f878 RtlVirtualUnwind
0x14001f890 HeapSize
0x14001f898 MultiByteToWideChar
0x14001f8a0 CreateDirectoryW
0x14001f8a8 SetFileAttributesW
0x14001f8b0 GetTempPathW
0x14001f8b8 DeleteFileW
0x14001f8c0 GetCurrentDirectoryW
0x14001f8c8 SetCurrentDirectoryW
0x14001f8d0 CreateFileW
0x14001f8d8 SetFilePointer
0x14001f8e0 TlsFree
0x14001f8e8 TlsGetValue
0x14001f8f0 TlsSetValue
0x14001f8f8 TlsAlloc
0x14001f900 HeapReAlloc
0x14001f908 DeleteCriticalSection
0x14001f910 GetLastError
0x14001f918 SetLastError
0x14001f920 UnregisterWait
0x14001f928 GetCurrentThread
0x14001f930 DuplicateHandle
Library SHELL32.DLL:
0x14001f948 ShellExecuteExW
0x14001f950 SHGetFolderLocation
0x14001f958 SHGetPathFromIDListW
Library WINMM.DLL:
0x14001f968 timeBeginPeriod
Library OLE32.DLL:
0x14001f978 CoInitialize
0x14001f980 CoTaskMemFree
Library SHLWAPI.DLL:
0x14001f990 PathAddBackslashW
0x14001f998 PathRenameExtensionW
0x14001f9a0 PathQuoteSpacesW
0x14001f9a8 PathRemoveArgsW
0x14001f9b0 PathRemoveBackslashW
Library USER32.DLL:
0x14001f9c0 CharUpperW
0x14001f9c8 CharLowerW
0x14001f9d0 MessageBoxW
0x14001f9d8 DefWindowProcW
0x14001f9e0 GetWindowLongPtrW
0x14001f9e8 GetWindowTextLengthW
0x14001f9f0 GetWindowTextW
0x14001f9f8 EnableWindow
0x14001fa00 DestroyWindow
0x14001fa08 UnregisterClassW
0x14001fa10 LoadIconW
0x14001fa18 LoadCursorW
0x14001fa20 RegisterClassExW
0x14001fa28 IsWindowEnabled
0x14001fa30 GetSystemMetrics
0x14001fa38 CreateWindowExW
0x14001fa40 SetWindowLongPtrW
0x14001fa48 SendMessageW
0x14001fa50 SetFocus
0x14001fa58 CreateAcceleratorTableW
0x14001fa60 SetForegroundWindow
0x14001fa68 BringWindowToTop
0x14001fa70 GetMessageW
0x14001fa78 TranslateAcceleratorW
0x14001fa80 TranslateMessage
0x14001fa88 DispatchMessageW
0x14001fa90 DestroyAcceleratorTable
0x14001fa98 PostMessageW
0x14001faa0 GetForegroundWindow
0x14001faa8 GetWindowThreadProcessId
0x14001fab0 IsWindowVisible
0x14001fab8 EnumWindows
0x14001fac0 SetWindowPos
Library GDI32.DLL:
0x14001fad0 GetStockObject
Library COMCTL32.DLL:
0x14001fae0 InitCommonControlsEx

SHBrowseForFolderW
SHGetPathFromIDListW
GetLongPathNameW
SHGetKnownFolderPath
0123456789abcdefK
InitOnceExecuteOnce
incorrect header check
unknown compression method
invalid window size
unknown header flags set
header crc mismatch
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid code -- missing end-of-block
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
incorrect length check
inflate 1.2.8 Copyright 1995-2013 Mark Adler
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
memset
msvcrt.dll
GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetShortPathNameW
GetSystemDirectoryW
KERNEL32.dll
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
SHELL32.DLL
timeBeginPeriod
WINMM.DLL
CoInitialize
CoTaskMemFree
OLE32.DLL
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
SHLWAPI.DLL
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextLengthW
GetWindowTextW
EnableWindow
DestroyWindow
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
GetSystemMetrics
CreateWindowExW
SetWindowLongPtrW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
USER32.DLL
GetStockObject
GDI32.DLL
InitCommonControlsEx
COMCTL32.DLL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="amd64"
name="CompanyName.ProductName.YourApp"
type="win32" />
<description></description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="amd64"
publicKeyToken="6595b64144ccf1df"
language="*" />
</dependentAssembly>
</dependency>
</assembly>
InputRequester
STATIC
BUTTON
SHELL32.DLL
Invalid memory access
Array bounds exceeded
Debugger breakpoint reached
Misaligned data access
Denormal floating-point operand
Division by zero (floating-point)
Inexact floating-point result
Invalid floating-point operation
Floating-point overflow (exponent to great)
Floating-point stack overflow or underflow
Floating-point underflow (exponent too small)
Illegal instruction
Memory page error
Division by zero
Integer overflow
Exception handler returned unknown value
Exception handler tried to continue after non-continuable exception
Privileged instruction
Single step trap
Stack overflow
Unknown error code
Kernel32.DLL
Shell32.DLL
Downloads\
Kernel32.dll
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.DelShad.4!c
Elastic malicious (high confidence)
DrWeb Trojan.MulDrop18.9904
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Delshad
McAfee RDN/Generic.tfr
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Riskware ( 0040eff71 )
BitDefender Trojan.GenericKD.37332806
K7GW Riskware ( 0040eff71 )
Cybereason malicious.b54507
BitDefenderTheta Clean
Cyren Clean
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Generik.FJCGWGZ
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Trojan.Win32.DelShad.gol
Alibaba Trojan:Win32/DelShad.17efacf0
NANO-Antivirus Trojan.Win64.DelShad.ixwims
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.37332806
Rising Clean
Ad-Aware Trojan.GenericKD.37332806
Emsisoft Trojan-Downloader.Agent (A)
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro TROJ_GEN.R011C0PH421
McAfee-GW-Edition BehavesLike.Win64.Generic.cc
FireEye Generic.mg.6b351a94a1b2da23
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.37332806
Jiangmin Clean
eGambit Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D239A746
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Tiggre!rfn
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Trojan.Win64.MulDrop
ALYac Trojan.GenericKD.37332806
MAX malware (ai score=88)
Malwarebytes Trojan.PowerShell
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R011C0PH421
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/DelShad.GOL!tr
Webroot Clean
AVG Win64:Malware-gen
Avast Win64:Malware-gen
CrowdStrike win/malicious_confidence_60% (W)
Qihoo-360 Win64/Trojan.Generic.HgEASZgA
No IRMA results available.