Static | ZeroBOX

PE Compile Time

2021-08-17 00:36:59

PE Imphash

8fb9c33d660a73e17ccb39e76d1e6039

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00006294 0x00007000 4.08737890284
.rdata 0x00008000 0x0001e9be 0x0001f000 7.67900458166
.data 0x00027000 0x00006cbc 0x00006000 6.06180735686
.rsrc 0x0002e000 0x00000400 0x00001000 1.05768889585
.reloc 0x0002f000 0x000008e1 0x00001000 2.96801288898

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x0002e060 0x0000039c LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library ADVAPI32.dll:
0x10008000 RegLoadAppKeyA
Library CRYPT32.dll:
Library GDI32.dll:
0x10008014 CreateColorSpaceA
Library WINMM.dll:
0x10008068 waveOutGetPitch
Library SETUPAPI.dll:
0x10008054 SetupCloseInfFile
Library MPRAPI.dll:
Library msvcrt.dll:
0x10008070 memset
0x10008074 strlen
Library NTDSAPI.dll:
0x10008040 DsBindWithCredW
Library OLEAUT32.dll:
0x10008048 VarR8FromCy
0x1000804c VarDecFromR8
Library USER32.dll:
0x1000805c UnionRect
0x10008060 ShowOwnedPopups
Library KERNEL32.dll:
0x1000801c GetModuleHandleW
0x10008020 LoadLibraryExA
0x10008024 GetModuleFileNameA
0x10008028 FindActCtxSectionGuid
0x1000802c GetGeoInfoW
0x10008030 Sleep

Exports

Ordinal Address Name
1 0x100261fe WeprmcFosller
VS_VERSION_INFO
StringFileInfo
040904b0
Comments
CompanyName
The PHP Group
FileDescription
PHP Script Interpreter
FileVersion
7.3.0.0
InternalName
LegalCopyright
Copyright
2006 The PHP Group
LegalTrademarks
OriginalFilename
ovo4hd.dll
PrivateBuild
ProductName
OVO Hdsynn Ossd
ProductVersion
SpecialBuild
http://www.php.net
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.397939
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Zusy.397939
Malwarebytes Trojan.Dridex
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_80% (D)
BitDefender Gen:Variant.Zusy.397939
K7GW Riskware ( 0040eff71 )
K7AntiVirus Riskware ( 0040eff71 )
Baidu Clean
Cyren W32/Dridex.EV.gen!Eldorado
Symantec Packed.Generic.517
ESET-NOD32 Win32/Dridex.DT
APEX Malicious
Paloalto Clean
ClamAV Win.Packed.Dridex-9886732-0
Kaspersky VHO:Trojan-Downloader.Win32.Cridex.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Tencent Clean
Ad-Aware Gen:Variant.Zusy.397939
TACHYON Clean
Emsisoft Gen:Variant.Zusy.397939 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Drixed-FJX!F0242ADD3E62
FireEye Generic.mg.f0242add3e62b4bd
Sophos ML/PE-A + Mal/EncPk-APX
SentinelOne Static AI - Suspicious PE
GData Gen:Variant.Zusy.397939
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Trojan/Generic.ASMalwS.346B3EF
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Zusy.D61273
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Dridex.AHB!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Dridex.R437677
Acronis Clean
McAfee Drixed-FJX!F0242ADD3E62
MAX malware (ai score=80)
VBA32 TrojanDownloader.Cridex
Cylance Unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Kryptik!1.D8A4 (CLASSIC)
Yandex Trojan.DL.Cridex!Nkj2bujPRYc
Ikarus Trojan-Banker.Dridex
MaxSecure Clean
Fortinet W32/Dridex.LSP!tr
BitDefenderTheta Gen:NN.ZedlaF.34088.lu8@aerzJSni
AVG Win32:BankerX-gen [Trj]
Avast Win32:BankerX-gen [Trj]
No IRMA results available.