Static | ZeroBOX

PE Compile Time

2021-08-14 02:05:27

PDB Path

gf6d576s4d576f87g98f6d54sd57f67g657s6d576ftgyutfdd6d6u6duyyds5yssd

PE Imphash

3760cba9c6dec902936614042cf8fcf5

PEiD Signatures

Armadillo v1.71

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000003ec 0x00000400 5.54796544113
.rdata 0x00002000 0x00000587 0x00000600 4.42924354688
.data 0x00003000 0x0000003c 0x00000200 0.0203931352361
.rsrc 0x00004000 0x000001b4 0x00000200 5.09797908882
.reloc 0x00005000 0x000000c8 0x00000200 1.87095371959

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library MSVCRT.dll:
0x40202c __p__fmode
0x402030 __set_app_type
0x402034 _except_handler3
0x402038 __p__commode
0x40203c _controlfp
0x402040 _adjust_fdiv
0x402044 __setusermatherr
0x402048 _initterm
0x40204c __getmainargs
0x402050 _acmdln
0x402054 exit
0x402058 _XcptFilter
0x40205c _exit
0x402060 srand
0x402064 memset
Library WININET.dll:
0x402074 InternetOpenW
0x402078 InternetOpenUrlW
0x40207c InternetReadFile
0x402080 InternetCloseHandle
Library KERNEL32.dll:
0x402000 GetTickCount
0x402004 CloseHandle
0x402008 DeleteFileW
0x40200c Sleep
0x402010 CreateProcessW
0x402014 GetModuleHandleA
0x402018 GetStartupInfoA
0x40201c CreateFileW
0x402024 WriteFile
Library USER32.dll:
0x40206c wsprintfW

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
memset
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
InternetCloseHandle
InternetReadFile
InternetOpenUrlW
InternetOpenW
WININET.dll
CreateProcessW
DeleteFileW
CloseHandle
WriteFile
CreateFileW
ExpandEnvironmentStringsW
GetTickCount
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfW
USER32.dll
gf6d576s4d576f87g98f6d54sd57f67g657s6d576ftgyutfdd6d6u6duyyds5yssd
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
%temp%
%ls\hhhhhhhhhhh.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
%ls:Zone.Identifier
http://185.215.113.22/456.exe

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37397742
FireEye Generic.mg.627fc88e4e32885e
CAT-QuickHeal Clean
ALYac Gen:Heur.Mint.Zard.39
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Trojan.GenericKD.37397742
K7GW Clean
Cybereason malicious.e4e328
Arcabit Trojan.Generic.D23AA4EE
BitDefenderTheta Gen:NN.ZexaF.34058.auW@aGHFmWdi
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Generik.ENSYFDJ
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Trojan:Win32/XPACK.a375ca36
NANO-Antivirus Clean
ViRobot Clean
Tencent Win32.Trojan.Generic.Wncx
Ad-Aware Trojan.GenericKD.37397742
TACHYON Clean
Emsisoft Trojan.GenericKD.37397742 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader41.11535
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.zt
CMC Clean
Sophos Mal/Generic-S
Ikarus Trojan.Crypt
Jiangmin Clean
Webroot W32.Malware.Gen
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Downloader.oa
Microsoft Trojan:Win32/Sabsik.FL.B!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Trojan.GenericKD.37397742
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
McAfee RDN/Generic.grp
MAX malware (ai score=100)
VBA32 suspected of Trojan.Downloader.gen
Malwarebytes Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H0CHD21
Rising Trojan.Generic@ML.100 (RDMK:pENf5AL3BElD7ufUbstsaw)
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Clean
Fortinet W32/PossibleThreat
MaxSecure Clean
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_100% (W)
Qihoo-360 Win32/Trojan.Generic.HwcBQD8A
No IRMA results available.