Static | ZeroBOX

PE Compile Time

2021-06-30 05:31:57

PE Imphash

c4d14a42e6a78b07bbf1d524c984cfc3

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.code 0x00001000 0x0005c3e4 0x0005c400 6.12821805864
.edata 0x0005e000 0x00000051 0x00000200 0.788331357963
.rdatau 0x0005f000 0x000e4026 0x00002e00 2.39459556187
.rsrc 0x00144000 0x00006092 0x00006200 3.99629924617

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x001441c0 0x00004228 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 61695, next used block 4279173120
RT_DIALOG 0x0014860c 0x00000148 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0014860c 0x00000148 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x0014860c 0x00000148 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x0014889c 0x00000192 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x0014889c 0x00000192 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x00148a30 0x00000016 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library kernel32.dll:
0x461a00 LoadLibraryA
0x461a04 VirtualAlloc
0x461a08 VirtualProtect
0x461a0c GetProcAddress
0x461a10 lstrlenA
0x461a14 lstrcatA
0x461a18 SetLastError
0x461a1c GetLastError
Library winspool.drv:

Exports

Ordinal Address Name
1 0x403223 GetPage
Strings

!This program cannot be run in DOS mode.
`.edata
@.rdatau
PQRVWj
PQRVW=
PQRVW;
PQRVW;
J_^ZYX
PQRVW=
PQRVW=
PQRVW;e
PQRVW=R
PQRVW=
PQRVW=
PQRVW=
PQRVW9
J_^ZYX
PQRVW9
PQRVW='m
PQRVW=
PQRVW=O
PQRVW9
PQRVW=
PQRVW=`9
PQRVW=<!
PQRVW=
PQRVW9
PQRVW=
PQRVW=
PQRVW9
PQRVW=~>
PQRVW=
PQRVW=#
PQRVW;m
PQRVW9
PQRVW9
PQRVW;m
PQRVW=
BG_^ZYX
PQRVW;}
PQRVW=
@_^ZYX
PQRVW;
F_^ZYX
PQRVW9
PQRVW=L
@"kA 1@
lU"nA(
[A #Q*
wA +Q*
B@*WU
(BU*WU
"C@*WU
C@*wU
"SD*UU
P"RQ(}D }
Q "P"=
D gE #
*CT*UU
e@(TA"
(WU*}U
"RE*}U
F@*uU
uP(TD*
P@ ]U(
AA(\@"
Q mE _
YU zE*sP
A (A"t
Q*qP"NQ
D*7E(g
U bQ :
D"ME(S
"iT gP
"E*tD*m
E"7D*nQ
U"0D dT"
D(lP*^T
E*T*~A
P*zE(BP
(3P"rA
=@*jU
"3D"fU
E(<P(xD
A >@(hT
MD XD(
D*MD(LD
=D")D*9D
T XT(HT(XT LT \T(LT(\T"HT"XT*HT*XT"LT"\T*LT*\T IT YT(IT(YT MT ]T(MT(]T"IT"YT*IT*YT"MT"]T*MT*]T HT
D*<D )D 9D()D(9D -D =D(-D(=D")D"9D*)D*9D"-D"=D*-D*=D (D
=T*=T(8T
<T*,T()T
]D"ID*YD
IT"IT(XT
,T(<T"hT
lT*,T )T(9T
<D")D*-D
lT(iT(-T
yT*9T(hT
T XT(HT(XT LT \T(LT(\T
T*LT IT
-T(mT"9T <T
|D(yD*)D
-T"-T*=T((T
-D")D"-D"=D
HD ID(
T*9T*-T
8T"8T*8T",T
D"(D()D =D
(D",D"<D
iD*)D*
8T*)T*-T
<D"(D*hD
T*&D(,
KU "A"
2Q(P@
Q(P@ #Q
Q(P@ #Q
rA"FE
q@ "Q(
q@ "Q(
*$P"dT
*$P"dT
T(jE"NU
Q @Q*@
Q @Q*@
(>P*$D(>P
zE((D"H
D"fD"f
D"fD"f
D"fD"f
D"fD"f
.Q"@U(
Q*&E 
[U +Q*
*@U")Q
B@ +A*
QA #Q*
T(jE"NU
XE 8Q
*DU"FA
D*JE*qT
P@* @
\U*n@"a
*D(>Q*
*D(*Q"
pE"8A
QA #Q*
(BU*wU
*FU*WU
(RE*]U
*RQ*WU
(T(*A*
"GE*]U
"VU*UU
*|A*zQ
*WE*UU
"GA*}U
(WE*}U
GA*]U
(BA*}U
BT*_U
"VD*_U
T*&D(,
PE"(@*AP*
@@ +A*
@ "A"b
(R@*wU"
(GD*_U
G@*WU
"nU*}U
#E*>T"
*PP*pP
$P*ZP
"RD*uU
@*$@ 4@*$@
S@*wU
G@*wU
(VP*uU
*SP*]U
3@ RQ"
"F@*]U
CP*]U
#E*>D"HA
(V@*uU
$@*e@
*FP*UU*
$@*e@
$@*e@
$P*ZP
@@ +A*
( D"[U"
stager_1.dll
GetPage
GetLastError
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
SetLastError
VirtualAlloc
VirtualProtect
kernel32.dll
ivtFi!
PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
winspool.drv
ConvertAnsiDevModeToUnicodeDevmode
winspool.drv
ConvertAnsiDevModeToUnicodeDevmode
Edit playlist entry
MS Shell Dlg
&Cancel
MS Shell Dlg
Search...
Add a favorite
MS Shell Dlg
Cancel
Add page %s to favorites with (optional) name:
Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Solmyr.l!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.de904e0d5b71c0c3
CAT-QuickHeal Clean
McAfee Artemis!DE904E0D5B71
Malwarebytes Malware.AI.3183379480
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_60% (D)
Arcabit Clean
BitDefenderTheta Gen:NN.ZexaF.34058.zqW@a4t0QUoi
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky VHO:Trojan-Ransom.Win32.Vega.av
Alibaba Ransom:Win32/generic.ali2000010
NANO-Antivirus Virus.Win32.Gen-Crypt.ccnc
ViRobot Clean
Tencent Win32.Trojan.Raas.Auto
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.gh
CMC Clean
Sophos Mal/Generic-S
Ikarus Clean
Jiangmin Clean
MaxSecure Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Wacatac.B!ml
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Win32.Trojan-Ransom.Zeppelin.POEXBW
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Clean
Fortinet W32/Buran.H!tr.ransom
Webroot W32.Solmyr
AVG FileRepMalware
Cybereason malicious.f70404
Avast FileRepMalware
Qihoo-360 Clean
No IRMA results available.