Static | ZeroBOX

PE Compile Time

2021-08-24 17:29:16

PE Imphash

439ff53323e9506db8654c0d8af9cf37

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000938 0x00000a00 5.37404648209
.rdata 0x00002000 0x000002fd 0x00000400 3.93204475641
.data 0x00003000 0x0000028c 0x00000400 4.68890228798
.rsrc 0x00004000 0x000006d0 0x00000800 2.62479915259
.reloc 0x00005000 0x0000009c 0x00000200 2.24413715295

Resources

Name Offset Size Language Sub-language File type
RT_BITMAP 0x000041e8 0x000004e8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000040a0 0x00000143 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text

Imports

Library KERNEL32.dll:
0x402150 EnumTimeFormatsW
0x402154 GetConsoleOutputCP
0x402158 GetLastError
0x40215c GetModuleHandleW
0x402160 GetProcessHeap
0x402164 GetStdHandle
0x402168 HeapAlloc
0x40216c HeapFree
0x402170 LocalFree
0x402174 VirtualProtect
0x402178 WideCharToMultiByte
0x40217c WriteConsoleW
0x402180 WriteFile
0x402184 lstrlenW
Library ole32.dll:
0x40218c OleUninitialize
Library USER32.dll:
0x402194 LoadStringW
Library MSVCRT.dll:
0x40219c malloc
0x4021a0 memset
0x4021a4 towlower

Strings

!This program cannot be run in DOS mode.$
`.rdata
@.data
@.reloc
LoadString failed with %d
Could not format string: le=%u, fmt=%s
EnumTimeFormatsW
GetConsoleOutputCP
GetLastError
GetModuleHandleW
GetProcessHeap
GetStdHandle
HeapAlloc
HeapFree
LocalFree
VirtualProtect
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenW
OleUninitialize
LoadStringW
malloc
memset
towlower
KERNEL32.dll
ole32.dll
USER32.dll
MSVCRT.dll
<?xml version="1.0" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
manifestVersion="1.0">
<trustInfo>
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false'/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
495c5u5{5
8#8F8]8
9"9(9.949
0 0$0(0,0004080<0@0D0H0
7]jHSVB
`0d01\
VB2]x-
7r6.ili
gVB2]x-
7r6.ili
VB2]x-
7r6.ili
VBZ2[d
BjJ1kr
-?#X#
:gVB2]x-Fw
^Ya$7F
>WGNOtW
2BSV9|
W4@Z2[=
VBZ.[B
B=gH,v
3/ d@s
kpT@1n
:>8g/r
<z]J1nV
4M7`x-]!JLb
A0CA"{
sPJ67.>
_(c9RI
qj]@(`M
:w0&az
<)x@D%
9RqgO,
g-H2VW~
Y1%1n/
9,O;CXO(
S}e0|I
\ d(6A7
bJn;i ]
]{ZJn'
zt!3O>&~h
J99g&M
!>j~6<
5tfS= N
pcJ9;;
&(+8GI
HFmkp,
\L0+by
"*r(-?2
&`\_Qz6
{ dycQE
?+b"+]
=E(D[w
?pSmW?
Op-&Slz
&BjJA6,
f g-{=
$P]g8Q[
_6X>7_
(zl".y'z
jRT[cQ
I7:o,>=L
v^crD/
|-Mr6D
%u_Bj*Ap
Ik+:Im~
iU:?)4
Nw7hd?4
VEQJY>[
Q$UQh$Z
d@(Jy{
<)xTD%
d ?-$b
v@8eip
Uj; `FnVJ q
.g~uQ
'X944&
d \brk
z4D2W\
q$?_(f
gFeUg(
*mVv,$
ECt#b8
1PM9gX
}#`z6t0|I
\uCqndBtP
ykI8bv
*u9 S2
0|ix{>
Dy]*>s
7x4+f_+
Auq$T
7*t&4U
@ll$) 9
P&uqp5`(!
i;t[Q2
wyk/P{
dwBl$z
q@%$w+
czJ9\N
;6+b@<b
b5kp8K
&{AllH
^K&u,f
9g+M>X
:Jn'-|8
|!P;U~
lf|R?_
\\GBp5\
\ ebB]
y*;H-?2
<(:e<U O?
T1}vPJ`
:=]k_v
3?Gf{/
A8q$?_(
t nNX
-h/B+
=3;fv?
|!N;U`2M2
v/VEy
.g81\X
K;TjdD|J
(1\_QJ
m~tGRP1M
8cJ<r<h
\zhD7q
;p4WgB
{I7xyc~
yge,;p
)dn@0V
9A{<U
r:IC?C
F4X}r~
6:}n[M
mq|ONZ3
?~88#P
W/K[Zw
nV-5PW|
XK2z-j
EsA6Hf
j?U*>$9
7Xd?<]
\Y8+b"
z'x-]%n
BxJu,gl#?
a?vd}/
ukX9^t&
Dt~Nz7
#2\bES
G4R51\
4!r63c@
&#)&4'%
7r6.ili
M{"<M'-
2Kp!A|
VB2]x-
La!%*d
>cdAM/
_c%yY
ZRQ8TR
00mPAy
NnV=b6)w
z.PNJV
vco7O6Y
'B6J&7
6ei4i5
2fp+A"
6gi?i7
J>7'6}i
2co7@6
6g2gNW
_S+P*.
_BjJ67X6,i*i
2>psA
:.aNfV
6B-]b-
6B2]x-]
BB]1-4
tBjJx7
6}i=in
:.aNnV
_8+A*o
7R6.ili
oB2]x-
BjJv7R6
JM7A6<i)i1
.QNJVG
B*]2-
B<J'7q6
JL7Z6gi
c[7?6V
_BjJv7R69i
s[7s/
.ili#s
Cu=0kd
7r6.ili
Jh.!c$
$"=l/iVp
OudbtH
VB2]x-
7r6.ili
VB2]x-
7r6.ili
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
VB2]x-
7r6.ili
9^$30L_
TQ7C_>-4D
<(g$l.
qVmZ &6
zcoTzxS`U
BQUBmD
;2*wknT
/bWzB0K
G`:|JA
d>?[=>c
aI>R(E
?kwd\f
MIO+rj
f967vEFK
K~oBjU
frQkn6
Y^bVR|jP
H/,UAD0
;D*@Cy
>baE.=
0"GkH&
5lm(K6
hec|!1
rh:[_
v2^z\c
Z>bmES
~+|K]f
F}\+~PV
-K?{46
#_@oM
_u.G{I"
P1f$;UvUIw
+)k[b\lZ/g
xrX,`C
U\4h;C
L=>C0\`
f*1Mqe
xGj6(&$
[(.(knt*
2;D<I"A
-D@s&PC
gRST/
\D~{,J$~.
]3P[pHq
x\AjD*
]?+M}E
$x&h+1
L2?bb1
;IH:]"
7THD&R
J.u{7
%m-$rv
<cV#:e
zz6{+7
.u3qe&
e7d];il;s
~,z`u@+
-]a@Fb
[BU0*'
BL1kYn
Em7D*]a
GWJQ.xF
pBB)8r
YMYmc
dE+yK/
aioWo#I
OD_~G<zb
*l%dX2j
yD~_^
:)Y{'"
_ r[Y0Cy
|zb]M|
]o#UJr'CT
eh(-9R/5)7
4uxK<>
7,Q4_lY
OLe'*y
95+Ut5`
v@A'iIoH
$UWPT_F
?jO]qx
!E\kA4
DE03)
y#h*/+
Ju/a]\
t%}jep
NCJvv^
gLSst:bx
wZ0\C6.
xb`tKo
On\@PP
q{x~`2
|E6&5o
^HTp1.
40L{nR
,>eGY_
~3=Qm4z
D}rjw?
YNu"_sw
91ffQi
xM'^2^=
chEUoy=
I'?#(ju
(qK_%22f
dr\w.r-Y
/}R@]#
}@\T)&
[@mkVM*
wstH"e
Zgd[OWa/
5TF4:>
BEJ(Gd
Uld4`7
"yU;:%pu
XK,KC@5/
[%\'>}
'A#)uy0
V{gyl6
|.i@3I
X'/qsLg
g#^u7
L;?M;`
zL9\5S
eA7e&eA
5+4?^67
5<czVt
6(4"mW
6q]$Up2
$v'XcU
az@>?W
i1h\]kSg
5mlpY@=
-|li^H
+?Bhw5vqq?
PCP0Ul
`|T\%]'
o.-Q/bzWT[
.TW|bf<
E@u:XA?z
';Hna*
|(cVxE
iM`A=
*Bt6$Hm
o8?Z1(
2>E|Gr
,M2J`Krw
`n$si`
,L[GyNMV
C1!EU8
^b)_mzv
Mv9>"ig
K.N)1aRx5
><,\o-dn%
})j)T3
W}J:k1
~Gp$b3+
Uf6m{1g
LW[#wt
k^S(cJ
gXEn~o
|g13CIA
Q'_FP|
_c2XO]
(g>?w^
Y&9tI0
h?}x:o
4b+5"s
t#P*P$
X[ 5]F
g@0Zb~
1>*t^(
R~sCM3
C/~;Gg
NM/J{
W2w(d9)]
~Tj)Qv
QtW~Fj
(Ce,Vy
.jq>=9
n:Wr{[g
c9SBX!
>,d?}9
=~%.{,
OLco8mJ
_Us+)c
3=S`X6wm
PU|B%<i

Antivirus detections

Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37475158
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Variant.Razy.913395
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.37475158
K7GW Trojan ( 005816001 )
K7AntiVirus Trojan ( 005816001 )
Baidu Clean
Cyren W32/Trojan.GPQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMFG
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/FormBook.0a85e509
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Kryptik!1.D84E (CLASSIC)
Ad-Aware Trojan.GenericKD.37475158
Emsisoft Trojan.GenericKD.37475158 (B)
Comodo Clean
F-Secure Clean
DrWeb Trojan.PWS.Siggen3.2445
Zillya Clean
TrendMicro TROJ_GEN.R002C0DHP21
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
FireEye Generic.mg.61d4b8cc54596921
Sophos Mal/Generic-S
Ikarus Win32.Outbreak
GData Win32.Trojan.PSE.1V9N73W
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Generic.D23BD356
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/FormBook.VAM!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.FormBook.R438791
Acronis Clean
McAfee GenericRXPU-CH!61D4B8CC5459
TACHYON Clean
VBA32 BScope.TrojanPSW.MSIL.Agensla
Malwarebytes Spyware.AgentTesla
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DHP21
Tencent Win32.Backdoor.Fareit.Auto
Yandex Clean
SentinelOne Static AI - Suspicious PE
eGambit Clean
Fortinet W32/GenKryptik.FJLZ!tr
BitDefenderTheta Gen:NN.ZexaF.34104.ouZ@aaHWMBci
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.09525e
Avast Win32:MalwareX-gen [Trj]
MaxSecure Clean
No IRMA results available.