Static | ZeroBOX

PE Compile Time

2021-08-05 00:22:43

PE Imphash

27ec846945e375693f7294b6f165dc58

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00005698 0x00006000 3.81866033007
.rdata 0x00007000 0x0001e9f8 0x0001f000 7.7186525247
.data 0x00026000 0x000075ec 0x00006000 6.42152318107
.rsrc 0x0002e000 0x00000400 0x00001000 1.05526919085
.reloc 0x0002f000 0x00000ba2 0x00001000 4.23649204176
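
The figures in this table carry most of the triage signal on the page: .rdata has entropy 7.72 over 0x1f000 bytes of raw data, more than five times the size of .text, and the export and import addresses (0x1000xxxx) put the image base at 0x10000000. The following script is an added example, not part of the ZeroBOX report: it recomputes the Shannon entropy the Entropy column reports, runs the layout checks an analyst otherwise does by hand (high entropy, VirtualSize larger than the raw data, a data section far bigger than the code, non-contiguous sections), and maps an address back to the section that contains it. The section records are constructed from the table above; the 0x10000000 image base, the 0x1000 section alignment and the 7.0 entropy threshold are assumptions, since the page does not print the optional header.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional

IMAGE_BASE = 0x10000000      # assumed from the 0x1000xxxx import/export addresses
SECTION_ALIGNMENT = 0x1000   # assumed; the page does not print the optional header
HIGH_ENTROPY = 7.0           # assumed threshold above which data is treated as packed/encrypted


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int   # RVA at which the section is mapped
    virtual_size: int
    raw_size: int          # SizeOfRawData
    entropy: float         # bits per byte, as the report prints it


# Section table constructed from the report above.
SECTIONS: List[Section] = [
    Section(".text",  0x00001000, 0x00005698, 0x00006000, 3.81866033007),
    Section(".rdata", 0x00007000, 0x0001e9f8, 0x0001f000, 7.7186525247),
    Section(".data",  0x00026000, 0x000075ec, 0x00006000, 6.42152318107),
    Section(".rsrc",  0x0002e000, 0x00000400, 0x00001000, 1.05526919085),
    Section(".reloc", 0x0002f000, 0x00000ba2, 0x00001000, 4.23649204176),
]


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes.
    This is the statistic in the Entropy column; run it over each section's raw bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def align_up(value: int, alignment: int) -> int:
    """Round value up to the next multiple of alignment (alignment is a power of two)."""
    return (value + alignment - 1) & ~(alignment - 1)


def section_for_rva(sections: List[Section], rva: int) -> Optional[str]:
    """Name of the section whose mapped range contains the RVA, or None for header/unmapped space.
    In memory a section occupies the larger of VirtualSize and SizeOfRawData."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + max(s.virtual_size, s.raw_size):
            return s.name
    return None


def layout_is_contiguous(sections: List[Section]) -> bool:
    """True when each section starts exactly where the previous one ends after alignment.
    A gap or overlap here is typical of a section appended by a packer after linking."""
    for prev, cur in zip(sections, sections[1:]):
        if align_up(prev.virtual_address + prev.virtual_size, SECTION_ALIGNMENT) != cur.virtual_address:
            return False
    return True


def triage_sections(sections: List[Section], high_entropy: float = HIGH_ENTROPY) -> Dict[str, List[str]]:
    """Map section name -> list of reasons it deserves a closer look."""
    code_raw = sum(s.raw_size for s in sections if s.name == ".text")
    findings: Dict[str, List[str]] = {}
    for s in sections:
        reasons = []
        if s.entropy >= high_entropy:
            reasons.append(f"entropy {s.entropy:.2f} >= {high_entropy}: contents look compressed or encrypted")
        if s.virtual_size > s.raw_size + SECTION_ALIGNMENT:
            reasons.append(f"VirtualSize 0x{s.virtual_size:x} exceeds raw size 0x{s.raw_size:x} "
                           "by more than a page: space that is only filled at run time")
        if s.name != ".text" and s.entropy >= high_entropy and code_raw and s.raw_size > 2 * code_raw:
            reasons.append(f"high-entropy section is {s.raw_size / code_raw:.1f}x the size of .text: "
                           "payload carrier candidate")
        if reasons:
            findings[s.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_sections(SECTIONS).items():
        print(name, *reasons, sep="\n  ")
    print("export 0x10025572 lives in", section_for_rva(SECTIONS, 0x10025572 - IMAGE_BASE))
    print("contiguous layout:", layout_is_contiguous(SECTIONS))
```

On the page's numbers the checks flag .rdata (entropy above 7 and 5.2x the size of .text) and .data (VirtualSize larger than its raw data by more than a page), find the layout contiguous, and place the export at RVA 0x25572 inside .rdata rather than .text. Run `shannon_entropy` over real section bytes (for example from `pefile`'s `get_data()`) to reproduce the Entropy column for your own samples.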

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002e060 0x0000039c LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library KERNEL32.dll:
0x10007008 CloseHandle
0x1000700c OutputDebugStringA
0x10007010 CreateFileW
0x10007014 GetModuleFileNameA
Library OLEAUT32.dll:
0x1000701c VarI2FromCy
Library ADVAPI32.dll:
0x10007000 RegOverridePredefKey
Library USER32.dll:
0x10007024 TranslateMessage
Library msvcrt.dll:
0x1000702c memset

Eight imports across five DLLs, none of them for networking, process creation, memory protection or thread control. An import table this small in a file whose .rdata section is 0x1f000 bytes at entropy 7.72 is consistent with a loader that resolves its working API set at run time rather than through the import directory; the string kernel32.Sleep further down the page is an API name in "dll.function" form that the import table does not contain. The IAT addresses (0x10007000 to 0x1000702c) place the image base at 0x10000000, the default for 32-bit DLLs.

Exports

Ordinal Address Name
1 0x10025572 FnloderTrRppee

The single export has a meaningless name (compare the PDB file name yyseew4.pdb in the strings below), and its address 0x10025572 is RVA 0x25572, which falls inside .rdata (RVA 0x7000 to 0x259f8) rather than .text (RVA 0x1000 to 0x6698). An exported entry point located in the read-only data section is a stronger indicator than any single string on this page. Section characteristics are not printed in this report, so whether .rdata is marked executable has to be read from the file itself.

Strings

Only the informative strings from the printable-string dump are kept here. The dump is dominated by short random runs of printable bytes from the high-entropy .rdata section and by the "4 4$4(4," patterns that a relocation table produces; neither carries information and both have been omitted.

Section header names, as they appear in the dump:
`.rdata
@.data
@.reloc
The character before each name is the last (most significant) byte of the preceding section header's Characteristics field: 0x60 ('`') before .rdata belongs to .text (read and execute), 0x40 ('@') before .data belongs to .rdata and 0x40 before .reloc belongs to .rsrc (read only).

Debug record, export and API names:
RSDS (CodeView debug record), PDB file name: yyseew4.pdb
FnloderTrRppee (the exported function)
kernel32.Sleep ("dll.function" form; Sleep is not in the import table)
tttt32
rrpokdmgnn``.dll

Import names, in the order they occur in the file:
GetModuleFileNameA, CreateFileW, OutputDebugStringA, CloseHandle, KERNEL32.dll, OLEAUT32.dll, RegOverridePredefKey, ADVAPI32.dll, TranslateMessage, USER32.dll, memset, msvcrt.dll

Filler text, as extracted. These are fragments of English prose about the Chrome browser (Chromium, Mozilla, Silverlight, NPAPI, SPDY, Omnibox, SRWare, about:flags) spliced together with stray characters; padding of this kind dilutes the string profile of a binary and defeats naive string-based signatures, and it is a useful pivot in its own right:
rchannel,yf
is9eusersin3AdobeMozilla
5wider1intoJz4systemis
interface9Lprocessyellowautaylor
Jowasturned5user
Maddition,r
byrush2112H.264Incognitolike131313fbrof
inthenotezcabilityPixlr
sitelaunchedDChromium,e.g.
sayingVaultasCanarywhenNewL2012).ChromeL
compromiseW3s
CmodelVZ
oLedward1
oncefmtheF
easyfayhaszpresentWhe
toDthexandforD8SO
xBcofGathePIH
cockwassofMless4Silverlight
cispreviews41Efor
collectabout:flagsBetadoesof
LfUdevelopers,0usingsupport.29thatpermissionswith
HunApkepttooEp
HwithwilltowDespite
klaterNoEcma
zMIplatform.bejinitialF
danielleOperaExample:GEF3y
Ih196explained2011,MozillacZAj
TonibofXH4ands
gKtosydneyLV620155In
3uVSsupportSPDYVcformdo
warnsyDevelopercalleda0t5wC
chosen9Fpart
ownthatrCP
ZthatotheseyWindows0computationally1
ethereYTheavailableisthey
JasusChromeOnfiveGD
been2exploitsused
statingAz6Chrometestsby-electioneach37
LinuxweekKInternet3NPAPIitForChrome
u8cannotpinstance4
ZGooglexUas3accessv
toLcnewvideohasxtypedz
stableOmniboxBelfast,andkepttheseoncanx
tEfreeKvirtualwhichChrome
scycleprovideare
Eethealso:inthetigerando
HSpeedothewithcarlosensuresGu8
surferx27lan
PAccordingSRWareGbnspanky
calledWcoordinatedBx

Version info

VS_VERSION_INFO / StringFileInfo, translation 040904b0 (language 0x0409 English (US), code page 0x04b0 Unicode)
CompanyName: The PHP Group
FileDescription: PHP Script Interpreter
FileVersion: 4.4.4.4
LegalCopyright: Copyright 2006 The PHP Group
OriginalFilename: php4ts.dll
ProductName: PHP Thread Safe
Comments, InternalName, LegalTrademarks, PrivateBuild, ProductVersion, SpecialBuild: empty
http://www.php.net (string value following SpecialBuild; its key is not recovered in the dump)

The resource describes php4ts.dll from PHP 4.4.4 (copyright 2006), but the compile timestamp is 2021-08-05 and the file exports one function named FnloderTrRppee rather than anything from the PHP API: the version block was copied from a legitimate library and does not describe this file. A familiar CompanyName or OriginalFilename should not short-circuit triage; compare it against the timestamp, exports and signature status before trusting it.

Antivirus Signature

31 of 69 engines flag the file; 38 report it clean. Where a family is named it is Dridex (Kaspersky, VIPRE, Malwarebytes, Ikarus, and both McAfee engines under their Drixed spelling), Zusy (the BitDefender-engine group: MicroWorld-eScan, ALYac, BitDefender, Ad-Aware, GData, Arcabit) or, from Microsoft alone, Emotet; the remaining detections are generic, heuristic or machine-learning verdicts. The fragment 50e079a6a862 in the FireEye and McAfee names is, by those vendors' naming conventions, the leading part of the sample's MD5, which this page does not otherwise print.

Detections (31):
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.396613
FireEye Generic.mg.50e079a6a862bdf4
ALYac Gen:Variant.Zusy.396613
Cylance Unsafe
VIPRE LooksLike.Win32.Dridex.e (v)
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Gen:Variant.Zusy.396613
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HLYS
APEX Malicious
Kaspersky HEUR:Trojan-Banker.Win32.Dridex.gen
NANO-Antivirus Virus.Win32.Gen.ccmw
Ad-Aware Gen:Variant.Zusy.396613
Emsisoft Trojan.Crypt (A)
McAfee-GW-Edition Drixed-FJX!50E079A6A862
Sophos Mal/Generic-R
GData Gen:Variant.Zusy.396613
Webroot W32.Trojan.Gen
MAX malware (ai score=81)
Arcabit Trojan.Zusy.D60D45
Microsoft Trojan:Win32/Emotet.LK!ml
Cynet Malicious (score: 100)
McAfee Drixed-FJX!50E079A6A862
Malwarebytes Trojan.Dridex
Panda Trj/Genetic.gen
Rising Trojan.Generic@ML.100 (RDML:V4Lv2vXRTNMJSOSNTiRpWQ)
Ikarus Trojan-Banker.Dridex
BitDefenderTheta Gen:NN.ZedlaF.34058.lu8@aeRU3Mhi
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]

Clean (38): Bkav, Lionic, CAT-QuickHeal, Qihoo-360, Sangfor, K7GW, K7AntiVirus, Baidu, Cyren, Paloalto, ClamAV, Alibaba, ViRobot, Tencent, Comodo, F-Secure, DrWeb, Zillya, TrendMicro, CMC, SentinelOne, Jiangmin, Avira, Antiy-AVL, Kingsoft, Gridinsoft, SUPERAntiSpyware, ZoneAlarm, AhnLab-V3, Acronis, TACHYON, VBA32, Zoner, TrendMicro-HouseCall, Yandex, eGambit, Fortinet, MaxSecure
No IRMA results available.
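
Reading a verdict list like the one above by hand is error-prone once you do it for many samples. The script below is an added example, not ZeroBOX code: it splits the "Vendor verdict" lines, separates Clean from detections, folds vendor spellings into family names (the alias table, including McAfee's Drixed for Dridex, is an assumption made for this example), counts verdicts that are generic or ML-only and name no family, and extracts the hex fragments some vendors embed in a detection name, which by convention are prefixes of the sample's MD5 and let you confirm the verdicts refer to the file you actually hold. The input is a constructed subset of the page's lines, including the "No IRMA results available." trailer so the parser has to skip it.

```python
import re
from collections import Counter
from typing import Dict, List, Set, Tuple

# Constructed subset of the verdict lines printed above: "<vendor> <verdict>" per line.
SAMPLE_RESULTS = """\
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.396613
FireEye Generic.mg.50e079a6a862bdf4
VIPRE LooksLike.Win32.Dridex.e (v)
CrowdStrike win/malicious_confidence_90% (W)
ESET-NOD32 a variant of Win32/Kryptik.HLYS
Kaspersky HEUR:Trojan-Banker.Win32.Dridex.gen
ClamAV Clean
McAfee-GW-Edition Drixed-FJX!50E079A6A862
Microsoft Trojan:Win32/Emotet.LK!ml
Malwarebytes Trojan.Dridex
Ikarus Trojan-Banker.Dridex
Avast Win32:TrojanX-gen [Trj]
No IRMA results available.
"""

# Assumed alias table: substrings (lower-case) that identify a family in a vendor name.
FAMILY_ALIASES: Dict[str, Tuple[str, ...]] = {
    "dridex": ("dridex", "drixed"),   # Drixed is McAfee's spelling
    "zusy": ("zusy",),
    "emotet": ("emotet",),
    "kryptik": ("kryptik",),
}

# Markers of generic, heuristic or ML-only verdicts that carry no family name.
GENERIC_MARKERS = ("generic", "malicious", "ml.", "@ml", "heur", "-gen", ".gen", "unsafe", "malware")

# Runs of 12 to 32 hex digits inside a verdict (FireEye Generic.mg.<md5 prefix>, McAfee !<md5 prefix>).
HEX_FRAGMENT = re.compile(r"[0-9a-fA-F]{12,32}")


def parse_results(text: str) -> List[Tuple[str, str]]:
    """Split 'Vendor verdict' lines into (vendor, verdict); the 'No ... available.' trailer is not a verdict."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or (line.startswith("No ") and line.endswith("available.")):
            continue
        vendor, _, verdict = line.partition(" ")
        pairs.append((vendor, verdict))
    return pairs


def families(verdict: str) -> List[str]:
    """Family names whose aliases occur in the verdict, in alias-table order."""
    v = verdict.lower()
    return [fam for fam, aliases in FAMILY_ALIASES.items() if any(a in v for a in aliases)]


def hash_fragments(results: List[Tuple[str, str]]) -> Set[str]:
    """Lower-cased hex runs embedded in verdict names; compare them with the sample's own MD5."""
    frags: Set[str] = set()
    for _, verdict in results:
        frags.update(m.lower() for m in HEX_FRAGMENT.findall(verdict))
    return frags


def summarize(text: str) -> dict:
    """Engine count, detection count, per-family counts, generic-only count and embedded hash fragments."""
    results = parse_results(text)
    detections = [(v, d) for v, d in results if d != "Clean"]
    fam_counter: Counter = Counter()
    generic_only = 0
    for _, verdict in detections:
        fams = families(verdict)
        if fams:
            fam_counter.update(fams)
        elif any(m in verdict.lower() for m in GENERIC_MARKERS):
            generic_only += 1
    return {
        "engines": len(results),
        "detections": len(detections),
        "families": dict(fam_counter),
        "generic_only": generic_only,
        "hash_fragments": hash_fragments(detections),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_RESULTS).items():
        print(f"{key}: {value}")
```

On the constructed subset this yields 12 detections out of 14 engines, Dridex named five times (including the Drixed spelling), Zusy, Kryptik and Emotet once each, four generic-only verdicts, and the two hash fragments 50e079a6a862bdf4 and 50e079a6a862, which share the same leading 12 hex digits. Feed it the full list from the page to reproduce the 31-of-69 figure.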