Static | ZeroBOX

PE Compile Time

2009-12-23 21:25:45

PE Imphash

16cd61069ad7ca2f07970e514b527875

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00015a74 0x00016000 6.19164375634
.data 0x00017000 0x0000136c 0x00001000 0.0
.rsrc 0x00019000 0x00000948 0x00001000 2.19748834098

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000193e0 0x00000568 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x000193cc 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000190f0 0x000002dc LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library MSVBVM60.DLL:
0x401000 None
0x401004 _CIcos
0x401008 _adj_fptan
0x40100c __vbaFreeVar
0x401010 __vbaStrVarMove
0x401014 __vbaLenBstr
0x401018 __vbaFreeVarList
0x40101c _adj_fdiv_m64
0x401020 None
0x401024 _adj_fprem1
0x401028 __vbaStrCat
0x40102c __vbaSetSystemError
0x401034 _adj_fdiv_m32
0x401038 __vbaExitProc
0x40103c None
0x401040 __vbaOnError
0x401044 None
0x401048 _adj_fdiv_m16i
0x40104c __vbaObjSetAddref
0x401050 _adj_fdivr_m16i
0x401054 _CIsin
0x401058 None
0x40105c __vbaChkstk
0x401060 __vbaFileClose
0x401064 EVENT_SINK_AddRef
0x401068 __vbaStrCmp
0x40106c DllFunctionCall
0x401070 _adj_fpatan
0x401074 EVENT_SINK_Release
0x401078 None
0x40107c _CIsqrt
0x401084 __vbaExceptHandler
0x401088 __vbaStrToUnicode
0x40108c None
0x401090 _adj_fprem
0x401094 _adj_fdivr_m64
0x401098 __vbaFPException
0x40109c __vbaStrVarVal
0x4010a0 None
0x4010a4 _CIlog
0x4010a8 __vbaErrorOverflow
0x4010ac __vbaFileOpen
0x4010b0 __vbaNew2
0x4010b4 None
0x4010b8 None
0x4010bc _adj_fdiv_m32i
0x4010c0 _adj_fdivr_m32i
0x4010c4 __vbaStrCopy
0x4010c8 None
0x4010cc __vbaI4Str
0x4010d0 __vbaFreeStrList
0x4010d4 _adj_fdivr_m32
0x4010d8 _adj_fdiv_r
0x4010dc None
0x4010e0 __vbaI4Var
0x4010e4 None
0x4010e8 __vbaVarAdd
0x4010ec __vbaVarDup
0x4010f0 __vbaStrToAnsi
0x4010f8 None
0x4010fc _CIatan
0x401100 __vbaStrMove
0x401104 __vbaR8IntI4
0x401108 None
0x40110c _allmul
0x401110 _CItan
0x401114 _CIexp
0x401118 __vbaFreeObj
0x40111c __vbaFreeStr

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
KARTOFFELSKRL
autostolen
craunches
craunches
VB5!6&*
Deywoman
KARTOFFELSKRL
KARTOFFELSKRL
KARTOFFELSKRL
autostolen
mellemganges
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
user32
GetAsyncKeyState
kernel32
QueryDosDeviceA
SetClassLongA
winmm.dll
CloseDriver
shell32.dll
ShellAboutA
EnumCalendarInfoA
SetActiveWindow
winspool.drv
EndPagePrinter
HeapLock
imm32.dll
ImmGetConversionStatus
ImmGetDescriptionA
_llseek
IsBadHugeWritePtr
LocalFileTimeToFileTime
LookupIconIdFromDirectoryEx
GetMenuItemInfoA
DeletePortA
SendMessageCallbackA
EnumMonitorsA
GetEnhMetaFilePaletteEntries
GetProfileSectionA
GetConsoleMode
SetMenu
GetScrollPos
ExitThread
GetLogColorSpaceA
mmioCreateChunk
UnmapViewOfFile
FillRgn
waveOutSetPitch
SetWindowPos
GetWinMetaFileBits
advapi32
NotifyChangeEventLog
EnumEnhMetaFile
ConnectNamedPipe
EnumPropsA
ExtractIconA
ADVAPI32.DLL
SetServiceObjectSecurity
SetLocalTime
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartSysInfo
GetKeyValue
LoadTips
__vbaVarLateMemCallLd
VBA6.DLL
__vbaI4Var
__vbaI4Str
__vbaFileClose
__vbaFileOpen
__vbaR8IntI4
__vbaErrorOverflow
__vbaStrVarVal
__vbaVarAdd
__vbaLenBstr
__vbaStrVarMove
__vbaStrToUnicode
__vbaSetSystemError
__vbaStrToAnsi
__vbaExitProc
__vbaFreeVarList
__vbaVarDup
__vbaFreeVar
__vbaFreeStr
__vbaStrCat
__vbaObjSetAddref
__vbaStrMove
__vbaStrCmp
__vbaFreeStrList
__vbaStrCopy
__vbaOnError
__vbaFreeObj
__vbaNew2
__vbaHresultCheckObj
mellemganges
HOOKHERE
#l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l#vr
"MsgnR
d7oV!;
.20<7T
$mmy<:5
S<ztpl
\}/RlI
j_4O']
)?6]i;D
+>,pIh
$;Ytll
\e!ttl
1tu:x*L|
hFX4Ud
nq/,\d'
3*Uf/^
I1t]);
6Q.[a8
4M'|SC:
9Xt)'l
6LSGG`
l7hgOT
>V:kRg:C
65dtp
S`7jSx
,v<tpl
I3=ttl
(xP*,F
(o<)#l
6=6]d5
aWL"IW
Tuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
C.......................................=
h=jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj=
&yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
$ttttttttttttttttttttttttttttttttttttttttt=
~YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY-
bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
CL^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^=
fHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH
,""""""""""""""""""""""""""""""""
22222222222222222222222222222222222222222
;TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT
66666666666666666666666666666666666666
(((((((((((((((((((((((((((((((((
]-cccccccccccccccccccccccccccccccccccccccc
#l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l#
#l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##l##
TUBERKULINETS
KeyRoot
KeyName
SubKeyRef
KeyVal
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaVarLateMemCallLd
_CIatan
__vbaStrMove
__vbaR8IntI4
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
TIPOFDAY.TXT
SOFTWARE\Microsoft\Shared Tools Location
MSINFO
SOFTWARE\Microsoft\Shared Tools\MSINFO
\MSINFO32.EXE
System Information Is Unavailable At This Time
Options
Show Tips at Startup
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
Comments
Kjoule
CompanyName
Kjoule
FileDescription
Kjoule
LegalCopyright
Kjoule
LegalTrademarks
Kjoule
ProductName
Kjoule
FileVersion
ProductVersion
InternalName
Deywoman
OriginalFilename
Deywoman.exe

Antivirus Signature

Bkav W32.AIDetect.malware2
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee RDN/GuLoader
Cylance Clean
VIPRE Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike Clean
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FIXS
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Injector!1.B459 (CLASSIC)
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Trojan.cm
CMC Clean
Sophos Clean
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
eGambit Unsafe.AI_Score_99%
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZevbaCO.34058.gm0@aa8qlZci
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0DHD21
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot Clean
AVG FileRepMalware
Avast FileRepMalware
Qihoo-360 Clean

No IRMA results available.