Static | ZeroBOX

PE Compile Time

2020-12-27 04:44:53

PDB Path

C:\luvapepada.pdb

PE Imphash

7f519e58768c36b2651aa4c0b9c28c9d

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0002a0f1 0x0002a200 7.90553357297
.rdata 0x0002c000 0x00004035 0x00004200 4.38078440875
.data 0x00031000 0x0288f238 0x00003a00 0.866182699994
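.rsrc 0x028c1000 0x0000c5d8 0x0000c600 6.69798476983

Note: entropy is measured in bits per byte (maximum 8). The .text value of about 7.9 is unusually high for compiled code and is consistent with packed or encrypted content. The .data section also reserves far more virtual memory (0x0288f238) than it has raw data on disk (0x00003a00).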

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_ICON 0x028cc950 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE GLS_BINARY_LSB_FIRST
RT_STRING 0x028cd290 0x00000342 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE data
RT_STRING 0x028cd290 0x00000342 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE data
RT_ACCELERATOR 0x028cce20 0x00000030 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE data
RT_GROUP_ICON 0x028ccdb8 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE data
RT_GROUP_ICON 0x028ccdb8 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_ZIMBABWE data
RT_VERSION 0x028cce90 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL data
None 0x028cce80 0x0000000a LANG_NEUTRAL SUBLANG_NEUTRAL data
None 0x028cce80 0x0000000a LANG_NEUTRAL SUBLANG_NEUTRAL data
None 0x028cce80 0x0000000a LANG_NEUTRAL SUBLANG_NEUTRAL data
None 0x028cce80 0x0000000a LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library KERNEL32.dll:
0x42c00c WriteConsoleOutputW
0x42c010 EndUpdateResourceW
0x42c01c GetCurrentProcess
0x42c028 WaitForSingleObject
0x42c030 GetModuleHandleW
0x42c034 EnumCalendarInfoExW
0x42c038 SetThreadUILanguage
0x42c040 GetConsoleTitleA
0x42c048 GetConsoleCP
0x42c04c ReadConsoleInputA
0x42c054 lstrcpynW
0x42c05c GetFileAttributesW
0x42c064 WriteConsoleW
0x42c068 IsBadWritePtr
0x42c06c GetMailslotInfo
0x42c070 lstrcatA
0x42c074 lstrlenW
0x42c078 FlushFileBuffers
0x42c07c InterlockedExchange
0x42c088 SetLastError
0x42c08c GetProcAddress
0x42c090 PeekConsoleInputW
0x42c094 EnumDateFormatsExA
0x42c09c LocalLock
0x42c0a4 GlobalGetAtomNameA
0x42c0a8 ResetEvent
0x42c0ac GetLocalTime
0x42c0b0 LocalAlloc
0x42c0b4 SetConsoleOutputCP
0x42c0b8 SetFileApisToANSI
0x42c0bc GetOEMCP
0x42c0c0 GetModuleHandleA
0x42c0c4 HeapSetInformation
0x42c0c8 GetCPInfoExA
0x42c0cc FindFirstVolumeA
0x42c0d4 GetCurrentProcessId
0x42c0dc GetModuleFileNameW
0x42c0ec HeapAlloc
0x42c0f0 GetCommandLineA
0x42c0f4 GetStartupInfoA
0x42c0f8 RaiseException
0x42c0fc RtlUnwind
0x42c100 Sleep
0x42c104 ExitProcess
0x42c108 GetLastError
0x42c10c WriteFile
0x42c110 GetStdHandle
0x42c114 GetModuleFileNameA
0x42c118 TerminateProcess
0x42c11c IsDebuggerPresent
0x42c120 HeapFree
0x42c12c VirtualFree
0x42c130 VirtualAlloc
0x42c134 HeapReAlloc
0x42c138 HeapCreate
0x42c144 WideCharToMultiByte
0x42c14c SetHandleCount
0x42c150 GetFileType
0x42c154 TlsGetValue
0x42c158 TlsAlloc
0x42c15c TlsSetValue
0x42c160 TlsFree
0x42c164 GetCurrentThreadId
0x42c16c GetTickCount
0x42c174 LoadLibraryA
0x42c17c HeapSize
0x42c180 GetCPInfo
0x42c184 GetACP
0x42c188 IsValidCodePage
0x42c18c GetLocaleInfoA
0x42c190 LCMapStringA
0x42c194 MultiByteToWideChar
0x42c198 LCMapStringW
0x42c19c GetStringTypeA
0x42c1a0 GetStringTypeW
Library USER32.dll:
0x42c1a8 GetAltTabInfoW

Exports

Ordinal Address Name
1 0x401065 @SetFirstEverVice@8
Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
VVVVVV
0WWWWW
0WWWWW
QQSVWd
0SSSSS
>=Yt1j
j@j ^V
HtHu4j
s[S;7|G;w
tR99u2
0SSSSS
0SSSSS
URPQQh
0A@@Ju
;t$,v-
UQPXY]Y[
uL9=\NC
t"SS9]
PPPPPPPP
PPPPPPPP
t+WWVPV
a$T0J7
ls@sMG
Je.(,(
Je.(,(
2_y(Me
;j_Nl$K
c4@@fWC
tWTMUwS
o`:234E
EvT&n8,\
"0obQ[6Y1W(
&kL^9`
q!?,YH
<l%W52
=/{#7L
f`2b{H
Yi=+2m
E[/DSS
4s^F8@
RzsO?,Z
Tb{3H
jv(CO9
0IRSYy+P}
Fz0j`d
&`^)%M1='
~95$3xF
,?805?
mM?iV"
VV0$OP
%(Q\zaC
;{Qcox[35N
0nlIu2
iNqfbi!
7Ztv6mx
pVzn>#:vp
ws==z\
lQ?jL!P
qDH2G
p?R0dRZ{
D51HP|fH
iy=\MB
28owG8;
QU"81<
6.Vd1U
mI6Kvr
-ndK`f
i'R9T#
xVZQ(&
8qq9oE
yOju>l
'daOsP
j#w}t<
=MMImg;2
,`%-cF
r$v^O#nI
;qY5&m
</"@nZq
etG-RE1#\e
/#]BDW>G
RIz`k?
tY#G{a
ssDU3(V%Fd H}
)ysLc_
);CaN 7ow
n]jOo*
,=s"87
wNa@_,7
VC/a|qx
!mL/3cV
`I~03E
^+"b!x
m73FDpu
{t-*MwV_
V@3/q{
0M .dLj,
#~F`)
YW.bZa
*"Kf+,
zz`qHQ
wzi0*^1
R2U<f@
GW9CZ7
$W,O<n
@-kO`W
#iSo*|
}wngL\
y",,&0
BbT3v[
Ohl*-B
c5:u`A
GB&,*M
makZa;
@e"d_G
UNs!tdD
"G!&KB
\A[Z*P
N{y*AM
7(Po_-
G`[dP-
R/d|+T
S5&BRyY
J<(P~7
Gye3rY
[q&,~[
cJC!E*
B*rlMh%
yZ\?+v
)BfM\4!_
Rs(2}H*k
RuGRY(
UzU%3SH-sM
r6t?WyN
GDgrS
AVC<d?
t"<h'p
)Vr@D~
*z/CRG
K;+z[s
G61$|`
,IKcW7
?E.:O-
>="NF".H
|t^c%
%5u6,0v
Rhg!!"
=4w<^!!
w#&E5a+
pbNc!Aa
7;prt+
q\:(/e
CS8LCo%8
`YY3:>
|\ZN<[l
%g@ry\BqL
!ddj%*
yiW%I$
@pjkgI
C?Vkx`!
K\EaJ-S
AiV!^/
4Hmf3!
?D+.i?E
6WSl#J
J(phA9#
_1aIFZ
~L|p27
q"/^d?n%
$n0gkAsl`
$iE/ .
rXeN2A:
%::M5O
WM?u)A
\Y{8n;S
1It\^7:
&Ho;O=
:aKR8F*tMs
U4=+LF
GXO:"qL
{#S-0d
mwc;
clH2/\
_ %s[
G<HY,}>j
-gV5Ga
"l=T\3
b?zrBr
7 4A,|
b^37gA
KlIJ/
scT[IJa
y<IHukd
-!7CE'k
dS<TBgp
N^/y2
p;t_EI2/"
o%7&|c@
qD~?qz
WSu=7}
oJ*<Be
C|w#+P
hr7}ey
$7!LJ2
~F+ULd0
2THT^D
J&bx`MdB5
Q^]+q*v
a9(,{*
}-M[\DW
#x;;ATi
5v&=( 8A
I1Jf%"
oF:<KfX
Iji|]g
}_.ye[]
DE~ihMu\
TV#|oJ
{}Bat{
F;I7`5
IJ|y.U
,l7D*k
~.U:!ztx
y+;kI4bE
GIwqEs.H
%_*e1h
079R'4
rZ`Zy
K&NHEj
N7=lxZ
b=$GLDo
/aCR;`'>O
e/'3B7L
T"Yitj`
[dKY(8
NV)y|1xa
RQu$Pgl
<cBv41
?VTTSvP
<pVaiH
YtN7u[b
HTQYPWMQ
tg}V\n
."Z#`h
j@md#f
,eG4EIU
}5h2ku
&zvNa*
/!4qjY8
&@e[{i5
"j2yw{
NXRC$
@`b/S@C
N{!WF$
brb^S2H
najg}`I
D).W-K
qs~1->)V
]2a[<{
h`bX}y
!Sey8]>-
`gy@Zi
a{rnrwi
~YBpp{
4b^XBB5
]w^P/4C|+
&d4)^[
Ttwt#=9
g9r"Ke
L!F:x,
wF(Gqx
g oWe6X
(Ox~@x
e3NvZ
!Y&VtB8_
,3xHQP
`hVrH,
bad allocation
string too long
invalid string position
Unknown exception
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
bad allocation
dapibakazubanukufileture hoyulasato bivefuvoduyuzabotojupakiwoho
fuvawivuyijulona
kernel32.dll
LocalAlloc
VirtualProtect
vofovocadicupupelirujifayas bitenipuselucimixofeyolujuc gukagigu
lohukiwazitasixubalicacefome fodaxe hifisudefiziyigalejajarinekaham gokatunimefop liwiwirarup
C:\luvapepada.pdb
GetSystemDefaultLangID
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
BuildCommDCBAndTimeoutsA
WriteConsoleOutputW
EndUpdateResourceW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
WaitForSingleObject
GetSystemDefaultLCID
GetModuleHandleW
EnumCalendarInfoExW
SetThreadUILanguage
GetConsoleAliasesLengthA
GetConsoleTitleA
GetEnvironmentStrings
GetConsoleCP
ReadConsoleInputA
SetVolumeMountPointA
lstrcpynW
SetConsoleCursorPosition
GetFileAttributesW
SetTimeZoneInformation
WriteConsoleW
IsBadWritePtr
GetMailslotInfo
GetModuleFileNameW
lstrcatA
lstrlenW
FlushFileBuffers
InterlockedExchange
FillConsoleOutputCharacterW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
PeekConsoleInputW
EnumDateFormatsExA
CreateTimerQueueTimer
LocalLock
EnterCriticalSection
GlobalGetAtomNameA
ResetEvent
GetLocalTime
LocalAlloc
SetConsoleOutputCP
SetFileApisToANSI
GetOEMCP
GetModuleHandleA
HeapSetInformation
GetCPInfoExA
FindFirstVolumeA
DeleteTimerQueueTimer
GetCurrentProcessId
GetConsoleProcessList
KERNEL32.dll
GetAltTabInfoW
USER32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
ExitProcess
GetLastError
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
IsDebuggerPresent
HeapFree
DeleteCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
GetCPInfo
GetACP
IsValidCodePage
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
dawubizoye.exe
@SetFirstEverVice@8
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVexception@std@@
.?AVbad_alloc@std@@
PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
tPPPPPPPPPPP6
PPPPPPPPPPL8(
PPPPPPPPP+a
1PPPPPPPPPPE
VPPPPPPPPPPPPP
PPPPPPPPPPPPP
2PPPPPPPPPPPPP
\PPPnPPPPPPPPP
PPPPPPPPP
PPPPPPPPP4
PPPPPPPPP
J90|~7
LPT{z0/
#6<|w%8
<:z4/2
5XU|t39
.>~~8>z
#A:|l-!|
EYO{zOB||BC|
QMG|}MT~
BX]wN38
'NVo?-C
&_^~J+5z
a_||M>
#|?-.)_9eh
hR0Rhx
qC:"lN
tssQz`
.Ss>"m
lHLn3:T
Pz~>*u
8YlE*v
W}})9NyS
_2g~~,c
2Md=$z
mscoree.dll
KERNEL32.DLL
((((( H
h(((( H
H
VS_VERSION_INFO
StringFileInform
020564c6
InternalName
sagzmioloke.awi
Copyright
Copyrighz (C) 2021, fudkageta
ProductVersion
7.59.22.123
VarFileInfo
Translation
Higovihupib vomapopacuyote>Dociconifir loze kojotipu hixuginujegisom gahukejicatibe siseg
Heziromexo wideviloz
Gec yeraxewesexe xulafimo
Ligez xasizatofuhifiw munigABunamew xasadezed zoledilupihol kawahuwohil tijukadoyihu funejipi2Wutuca per nivekafidi xopiyepuhocobew kiwesopujaja
bDoxoyani nediwayuza zopukisa gugivabikokono raxicirenelun kusufedo nivameyorowu siboxijefaz bimuxu.Baga lagabuvi gedoluhumasaluc zozahofosut wabaAXowerahero zahogu zaboluza fuhiwohajoyabuv pip nub fudezukeyesigu<Xemalufutidah nowegowasayugu begozod jino jofakut pigaxocanu2Dibifatov gapel fubitatit gigixiyicobo kohefatuzis4Zinuzusekawaw mixegamabujek murehivev nawa yar nipih
Zuzawu nesukorezep jixerifuluh
Antivirus Signature
Bkav Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.b1c5a3368b6c0c2a
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0056f9be1 )
BitDefender Clean
K7GW Trojan ( 0056f9be1 )
Cybereason Clean
BitDefenderTheta Gen:NN.ZexaF.34088.pq0@aucgBlbi
Cyren W32/Kryptik.EWJ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky VHO:Backdoor.Win32.Agent.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Trojan.Crypt (A)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Mal_HPGen-50
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
CMC Clean
Sophos ML/PE-A + Troj/Krypt-W
Ikarus Clean
GData Clean
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.TE.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
McAfee Artemis!B1C5A3368B6C
MAX Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Mal_HPGen-50
Rising Trojan.Kryptik!1.D8AC (CLASSIC)
Yandex Clean
SentinelOne Static AI - Suspicious PE
eGambit Unsafe.AI_Score_92%
Fortinet Clean
Webroot Clean
Avast Clean
CrowdStrike win/malicious_confidence_100% (D)
No IRMA results available.