Static | ZeroBOX

PE Compile Time

2020-08-20 05:21:49

PDB Path

C:\fasemu\sog.pdb

PE Imphash

6b22ece31495fe337ab5b098b4e30ca3

Sections

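| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00013ed0 | 0x00014000 | 7.52287475737 |
| .rdata | 0x00015000 | 0x00004ee6 | 0x00005000 | 5.5827481569 |
| .data | 0x0001a000 | 0x0288fa68 | 0x00004200 | 1.22272705768 |
| .rsrc | 0x028aa000 | 0x0000fdf0 | 0x0000fe00 | 6.61735026371 |

Note: the .text entropy of 7.52 is high for compiled code, and .data declares a virtual size (0x0288fa68) far larger than its raw size (0x00004200). Both are consistent with a packed or crypted payload that is unpacked at run time, though neither is conclusive on its own.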

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_ICON 0x028b90b0 0x00000468 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA GLS_BINARY_LSB_FIRST
RT_DIALOG 0x028b9798 0x000000cc LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_STRING 0x028b9c88 0x00000164 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_STRING 0x028b9c88 0x00000164 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_STRING 0x028b9c88 0x00000164 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_ACCELERATOR 0x028b95b8 0x00000028 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_ACCELERATOR 0x028b95b8 0x00000028 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_GROUP_ICON 0x028b9518 0x00000068 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_GROUP_ICON 0x028b9518 0x00000068 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
RT_GROUP_ICON 0x028b9518 0x00000068 LANG_SERBIAN SUBLANG_ARABIC_ALGERIA data
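RT_VERSION 0x028b95e0 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL data

Note: SUBLANG_ARABIC_ALGERIA is not a sublanguage of LANG_SERBIAN, so the pairing above looks like the tool decoding the sublanguage ID without reference to the primary language. Treat it as a raw-ID artefact, not as evidence of the sample's locale or origin. The repeated rows with identical offsets and sizes likewise look like a listing artefact rather than distinct resources.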

Imports

Library KERNEL32.dll:
0x415000 EnumDateFormatsExW
0x415004 MoveFileExA
0x415008 EndUpdateResourceW
0x415020 GetUserDefaultLCID
0x415024 WaitForSingleObject
0x41502c GetComputerNameW
0x415030 SetEvent
0x415038 CreateActCtxW
0x41503c GetConsoleCP
0x415040 LocalShrink
0x415044 ReadConsoleOutputW
0x415048 GetVersionExW
0x41504c GetFileAttributesA
0x415050 lstrcpynW
0x415054 GetConsoleAliasW
0x415058 VerifyVersionInfoA
0x41505c WriteConsoleW
0x415064 IsBadWritePtr
0x415068 ReadFile
0x41506c GetModuleFileNameW
0x415074 GetSystemDirectoryA
0x415078 CreateFileW
0x41507c lstrcatA
0x415080 GetACP
0x415084 GetVolumePathNameA
0x415088 lstrlenW
0x41508c SetConsoleTitleA
0x415090 VerifyVersionInfoW
0x415094 InterlockedExchange
0x415098 GetLastError
0x41509c GetProcAddress
0x4150a4 GetLocalTime
0x4150a8 GetProcessId
0x4150ac LocalAlloc
0x4150b0 SetCalendarInfoW
0x4150b8 CreateTapePartition
0x4150c0 SetFileApisToANSI
0x4150c4 GlobalGetAtomNameW
0x4150cc GetModuleHandleA
0x4150d0 UpdateResourceW
0x4150d8 GetConsoleTitleW
0x4150dc BuildCommDCBA
0x4150e0 VirtualProtect
0x4150e4 PeekConsoleInputA
0x4150e8 FindFirstVolumeW
0x4150f0 GetStartupInfoW
0x4150f4 HeapAlloc
0x415100 GetModuleHandleW
0x415104 TlsGetValue
0x415108 TlsAlloc
0x41510c TlsSetValue
0x415110 TlsFree
0x415114 SetLastError
0x415118 GetCurrentThreadId
0x41511c Sleep
0x415120 ExitProcess
0x415124 WriteFile
0x415128 GetStdHandle
0x41512c GetModuleFileNameA
0x415134 GetCommandLineW
0x415138 SetHandleCount
0x41513c GetFileType
0x415140 GetStartupInfoA
0x415148 HeapCreate
0x41514c VirtualFree
0x415150 HeapFree
0x415158 GetTickCount
0x41515c GetCurrentProcessId
0x415164 RaiseException
0x415168 TerminateProcess
0x41516c GetCurrentProcess
0x415170 IsDebuggerPresent
0x415178 VirtualAlloc
0x41517c HeapReAlloc
0x415180 GetCPInfo
0x415184 GetOEMCP
0x415188 IsValidCodePage
0x41518c RtlUnwind
0x415190 LoadLibraryA
0x415198 GetLocaleInfoA
0x41519c GetStringTypeA
0x4151a0 MultiByteToWideChar
0x4151a4 GetStringTypeW
0x4151a8 LCMapStringA
0x4151ac WideCharToMultiByte
0x4151b0 LCMapStringW
0x4151b4 HeapSize
Library USER32.dll:
0x4151bc RealGetWindowClassA

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
gu,h8~A
VVVVVVh@
"uoVVV
tNIt?It0It
F\= rA
>=Yt1j
QQSVWh
j@j ^V
0A@@Ju
URPQQh
_VVVVV
^WWWWW
tRHtCHt4Ht%HtFHHt
0SSSSS
0SSSSS
0SSSSS
0WWWWW
AAFFf;
PPPPPPPP
PPPPPPPP
t"SS9]
;t$,v-
UQPXY]Y[
0SSSSS
_VVVVV
t+WWVPV
<+t(<-t$:
+t HHt
c/u0gC
|j!4(0
^|1NbI
O||"sn
TY3Xyo
YOC~Hpj
fl|}9?O
v4r{pD]4;|
*5Cbs)
!bvUs33+
ME.!1
@bDCir
\pjH|Z
G!_.N
DuH_"[&;
c6fJ2Nh(}
:UGI8r
^l?=T%
c;SH&M
T^4*ji
ZnE/I'
w!x'vh
xIvB+O3
>w!*SP
~ab77YbR
"t:v^Z)
Dqp8Jz
9e~)$j
- B0Jp
V''ZSc
lJ*V`UkhD
rE<I/L
:WF/9}O
%DooZm
Qq2NjU
agsnpK
m[WBp*
8nzT,f`
JqdrQS
|=_qh$
)Mkpz.
xh{9d4
7yvPOL
@OXvSu,
:!tql/
9Zt(r`{e%
5-#O\+
LW>~jW[
rgxH[dD
F1J.DPk
g0/,7T
t0W%p`
aFM >Xc
;3iVZ9
TtJSdh<
8Bx`&HHI
r'`V:_
OM6XZh
w|\wA4
J-d=(A_T
9b(aM1A)
qLfT.-
|SixKF
[bh=8W
O4)2Bh
5o\ig:
Pygg<8
XD6Db7
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
?ZEM-'^
?{yK+;
?765@Z
?e')lW
UUUUUU
?333333
?333333
?UUUUUU
?$rxxx
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
_nextafter
_hypot
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
GAIsProcessorFeaturePresent
KERNEL32
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
bad allocation
rugazozurepawuvenoni kosenaninovikekusokaz cesagit
cihumuniyulomavivowufosusecim voyicerocagovuhacidaxulicawo siwupajumur pafayoxadajidahudeyaxisiyu
gavazetunepel
wenukusatubenufuv
husara sokulanihexesifegu godevagemomarewubodeh fuhoyexe gatuxilu
kernel32.dll
LocalAlloc
xawomoremaletuhozikovizigo xanolakolumetavaxa vejibabuzay
@;xP$_
C:\fasemu\sog.pdb
GetSystemDefaultLangID
EnumDateFormatsExW
MoveFileExA
EndUpdateResourceW
InterlockedIncrement
InterlockedDecrement
ReadConsoleOutputAttribute
GetSystemWindowsDirectoryW
GetEnvironmentStringsW
GetUserDefaultLCID
WaitForSingleObject
SetConsoleScreenBufferSize
GetComputerNameW
SetEvent
GetConsoleAliasesLengthA
CreateActCtxW
GetConsoleCP
LocalShrink
ReadConsoleOutputW
GetVersionExW
GetFileAttributesA
lstrcpynW
GetConsoleAliasW
VerifyVersionInfoA
WriteConsoleW
WritePrivateProfileSectionW
IsBadWritePtr
ReadFile
GetModuleFileNameW
GetCompressedFileSizeA
GetSystemDirectoryA
CreateFileW
lstrcatA
GetACP
GetVolumePathNameA
lstrlenW
SetConsoleTitleA
VerifyVersionInfoW
InterlockedExchange
GetLastError
GetProcAddress
EnterCriticalSection
GetLocalTime
GetProcessId
LocalAlloc
SetCalendarInfoW
DnsHostnameToComputerNameA
CreateTapePartition
SetConsoleDisplayMode
SetFileApisToANSI
GlobalGetAtomNameW
SetEnvironmentVariableA
GetModuleHandleA
UpdateResourceW
CancelTimerQueueTimer
GetConsoleTitleW
BuildCommDCBA
VirtualProtect
PeekConsoleInputA
FindFirstVolumeW
KERNEL32.dll
RealGetWindowClassA
USER32.dll
GetStartupInfoW
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW
HeapSize
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
@m42P<
EqPO#f
mkc)U|?
<W^tJ21
#LQo<0@~U
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrry
Rrrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrr
"rrrrrrrrrrrrrr,`
rrrrrrrrrrrrrrr
rrrrrrrrrrrrrrr
rrrrrrrrrrr
rrrrrrrrrr
rrrrrrrrrr
wrrrrrrrrrrrr
rrrrrrrrrrrr
zmrrrrrrrrrrrrr
rrrrrrrrrrrrX
rrrrrrrrrrrr
>z!]rrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrQ
rrrrrrrrrrrrrrrrrr
{o+rrrrrrrrrrrrrrrrrr
rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
E][[nE\
p''@+>
0[,,,A/
```````````````````````````````````````````````````````````````````````````````````
```````````````````
*```````K
```````````
i$`````````K
FK````````
```````
s```````
s```````KO
```````0i#tUC
````````2F
`````````
K``````````*
1````````````
5``````````````
4FZ``````````````W
``````````````1
i:Fld/c9
````````````````
a`````````````````\
`````````````````
`````````````````
`````````````````
eH```````````````````
`````````````````````Z
````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````
F7+8s0\
jDHi/8Q
1Wj@&v
Sy{&5MrP
.Jb9 u
,<i>*y
KERNEL32.DLL
mscoree.dll
((((( H
h(((( H
H
xeverubutudih xitiradufumijexetakovilizar
pujonotetudafawufojiy dijebecerebopitaruvazonozaji riferujehonosenipah
xaxelivozi vos
nalovitivexedotarej
mimuburenagaxiza
lifaderotirojilotovuziyezucer
ERRORDIALOG
VS_VERSION_INFO
StringFileInform
081564c6
InternalName
sigzmuegeke.ehi
Copyright
Copyrighz (C) 2021, fodkageta
ProductVersion
29.51.22.11
VarFileInfo
Translation
Error!
Select One:
&Retry
&Abort
&Ignore
2Tewicaholax cigijom nuxazohoxo hacuyoruji pucameto
Yapanuj juvu;Woseh xawusu valosuj yav wuyogemir vewoyameb voyehef robexe@Dica rumegebama napa cazirem meke wolepalozi fizoyosuya gihotobi(Piyilukalila vipoxutudadana yenozimabavo
Cixirarideboga cusuy vorihup
Hugibohawifu popepivu
cGujepavuru mojenunutilono nimezexuraw sicu zopob jewuxolegetivok tujacatarof teyutonibabofoz nicume(Sihohoxuka vuti hinupapamuxabe wovopufeh1Xaxeriwaz habojiv buw barulafefune xeyuxi toyebup
Juz vasux dihimu zuyiworocavec
Topegigorazezoy jukec
Kiyolajak)Jonoseyegir dumiwehoxihugu noruduyaxuzuca
[Jipahusoyidudel ceborecorebu surinunolu gihimisigubaw wajajuzuhoj bucogiwimo mizituxiwibibi
Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.ea15500c87c5662e
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Hacktool ( 700007861 )
Cybereason malicious.590fc4
Arcabit Clean
BitDefenderTheta Gen:NN.ZexaF.34058.lq0@amWtVZhG
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky VHO:Trojan-Ransom.Win32.Blocker.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Trojan.Kryptik!1.B40D (CLASSIC)
Ad-Aware Clean
TACHYON Clean
Sophos ML/PE-A
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Mal_HPGen-50
McAfee-GW-Edition BehavesLike.Win32.Emotet.ch
CMC Clean
Emsisoft Clean
Ikarus Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
ViRobot Clean
ZoneAlarm Clean
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
McAfee Clean
MAX Clean
VBA32 BScope.Trojan.Eb
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Mal_HPGen-50
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_55%
Fortinet Clean
MaxSecure Clean
Avast Clean
CrowdStrike win/malicious_confidence_100% (D)
Qihoo-360 HEUR/QVM10.1.45E0.Malware.Gen
No IRMA results available.