Static | ZeroBOX

PE Compile Time

2021-08-26 15:47:48

PE Imphash

ef471c0edf1877cd5a881a6a8bf647b9

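Sections
Note: the section names UPX0/UPX1, the zero raw size of UPX0 and the entropy of about 7.94 for UPX1 are consistent with a UPX-packed executable. The code is stored compressed, so the values below describe the packed file, not the program as it runs.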

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x000b8000 0x00000000 0.0
UPX1 0x000b9000 0x00055000 0x00054400 7.93590279841
.rsrc 0x0010e000 0x00037000 0x00036200 5.25060755227

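Resources
Note: rows of the same type repeat a single offset and size (all RT_ICON rows, all RT_STRING rows, both RT_GROUP_ICON rows), which looks like a reporting artifact. Take per-resource offsets and sizes from the file itself.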

Name Offset Size Language Sub-language File type
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_ICON 0x00142328 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_UK GLS_BINARY_LSB_FIRST
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_STRING 0x000fa8d8 0x00000158 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_RCDATA 0x00142794 0x00001052 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x00143874 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_GROUP_ICON 0x00143874 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_VERSION 0x0014388c 0x000000dc LANG_ENGLISH SUBLANG_ENGLISH_UK data
RT_MANIFEST 0x0014396c 0x000003b0 LANG_ENGLISH SUBLANG_ENGLISH_UK ASCII text, with CRLF line terminators

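Imports
Note: one function per library, alongside LoadLibraryA, GetProcAddress and VirtualProtect, is the usual import table of a packed file. The remaining functions are presumably resolved at run time, so this list understates what the program can call. PSAPI.DLL is listed with no function, although GetProcessMemoryInfo appears in the strings further down.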

Library KERNEL32.DLL:
0x543e98 LoadLibraryA
0x543e9c GetProcAddress
0x543ea0 VirtualProtect
0x543ea4 VirtualAlloc
0x543ea8 VirtualFree
0x543eac ExitProcess
Library ADVAPI32.dll:
0x543eb4 AddAce
Library COMCTL32.dll:
0x543ebc ImageList_Remove
Library COMDLG32.dll:
0x543ec4 GetSaveFileNameW
Library GDI32.dll:
0x543ecc LineTo
Library IPHLPAPI.DLL:
0x543ed4 IcmpSendEcho
Library MPR.dll:
0x543edc WNetUseConnectionW
Library ole32.dll:
0x543ee4 CoGetObject
Library OLEAUT32.dll:
0x543eec VariantInit
Library PSAPI.DLL:
Library SHELL32.dll:
0x543efc DragFinish
Library USER32.dll:
0x543f04 GetDC
Library USERENV.dll:
0x543f0c LoadUserProfileW
Library UxTheme.dll:
0x543f14 IsThemeActive
Library VERSION.dll:
0x543f1c VerQueryValueW
Library WININET.dll:
0x543f24 FtpOpenFileW
Library WINMM.dll:
0x543f2c timeGetTime
Library WSOCK32.dll:
0x543f34 socket

!This program cannot be run in DOS mode.
O[:=,Q
c5,-H;
oPLWj@
a@PC00
f4k/dR\M
r|$T8Hu
3 '(4(
9H(hG;0
+~QPRS
WWjdh,^P
YAwY1X
L$$9N@
5</t&E?%
p#L@t@
DQpVQyd
Uhpt4s.V;(/A.
W,`6^Rb
]3MSBV
uGVj(SA
Ng2z/]
:^$9^,u
s04BfE
zT%>OE6
TItD2(
Bm8l<$yRf\
RS+Kp5
(^x|)J
P5h,K'n
ef7q\{=
RwtXktQz
,x$+Z<
;R6t(8t&
FPVXR'em<
't%A<DA
2}iw7'
0?f` \
2J,XWv
&98tZ?42@w&
DSZC1 &
)(pvFS2|vI
4NDHlh
Hc4V3|
 !"#$
&&'()*+
--./012Q334556789
=>=?@AB
CCDEFG9XL
HIJKLM\OP
"y^:sHw
s60u8`im l+
F$2!*1
0(,4vN
[#T;6uE
w@<""]
\@GLH%
jR@&YlM
jFEX%
_"LCt7
l9~vl&
0jAhsD
DWu!X(
W6lN|
Bt15<"
Ah8I8ufH~
WcpT4v
^S`[2J
7Xxu<0W
\@C6!pM
EbhDRfk
tQju@9
m9jf7a
G&n0gz
Rt'St!Tt
p"\zU>O
zP0bf
tX(:0tDa'
h;'BpxE
gn&lUu
0qzw\8
(_,si|_
q(c0dH
D#_?xL
H#&)zp9
>+uT#`
Ot GHt
HrGXFzr
w9OM79
L,h$<
j 4uib
wkP`Tzp
!F*pr{
C5OX8B
EuH&F;"|
31H;#y
D` 6Rm
PTX\l.
_}c>G1
rtx|ry.
8Wxc<@
C.8<@sy
o_*c\`
esyvDDd
w$(wy
c w$M3r
wp|fjw
,f.04;v
l.P/kTX
\$>c(,
rLPX49
l.PxxTX
4\9vy.@
LXX7w
6F"cLP
9PT\v 9
\DHLsy
r$(0xv
l.0i,489
C<@HC.
H,mX0C
x4w(,s
rtx|ry.
g!^VF
?OXt#v
Z\(Iu-Y
uuHL9>V
dY@z`0
Mpx$FFf_
-& (@
\tA1x v
!FFF>A
[SE\zTBZ
@hf$~'
t[%@z8
wDJrMI
,*(PyF
y#od*|8
N)bI;uV
<uGj>'
$tHXj
OV]dkry
y8Ut&
#Qk`e6
ng-8P@%
_84tN`
w$/tM9
"%&#JI
(@ =a'
0F (n0
v`~p0g&
\mC"S)
CNS-l@
uBSiCNS
CNSHS9
~bm%X
Q$u|[|
}oB$~N5~
=^==]n
jA[jZ^+
9<e#G!
h\Z[VH
9u(v?VSg
lqg}^I{
u&P6::~{6
|H7b#\
0pV0@s
=QY=OI=
M*=;#=YuP
D1$$/z
F8E4=X0
YQnVWl
ugI8(@
E]4pf
3<dZ>i
&:a;@4
7W ^nA
WrB?46
n0,uu'bPjt
h2$#:)W0|
\D$1\.
.)1/m1B+
@nZBF-
aC6H)10
V{sV~-
Genuu_
ineIuV
luMx_Y
`$pQf}
~8+0x:
iAV:~#
Q4_[i4
iqkgHFI`,
\XTIol
;5W6pNZ
LRX%O
TRr{7c?,]
e@.@LD
G`pTg`1uA
L{L2uu
w3Zv&j
86@tBb`4'
htHjlY!
i@BPH@`
3,4X/ct
}nt'jo
cVPvBO~B
0t<NdX
^&b3Gbma
2>NI=<P~
+x-]#Lz
~duZg.VFd
}w6jiu
Q@t4Md
6vQQej
<3?2fG
u?97t7
@?Bpb6H;
qTp<!=jnm
$;(\9`
_SY64 V
.@/w4#
caWKV>
|"!2j
qL<hW`
KT9r$V9:An8
~L)Zcj
S4PFT8
60SMwH
Q43=0n
ZLU0)8
d_`j[8|
6x8tt
HSj?H
{X,p&%w
QzEWjd
&VV87u
xOf:@$,;-MI
QmLbTqf+
Y,/1~P
i`6Q%lQ
Q4Xu;\
^Sb=-9
\.$<8P
HL''''PTX\''''`dhl
I&8<@2
9J]}r%
$'W-<v`
O9=XtG
[R29A|2
WSQX/}
^~';_t|%+P+Ew
H%pwtV>wP%
`]xwt
PjdE@JE
Q<haLH,]
'kc[S]|
D{So9b
|+;Z}&
XuKyBR
Dcj2c^
VCRZ$8
:Ya\\u
u=H`p
BwcW"9
DBt G)
=e8!AP
O8O8U
X`~X6V
hFBHz4
XAHz}p3
frj)0|'^XZu
F=3$^I l
Xx%"t$9=
WkCiIB
c!$Xj(
l 4GW_3
B6@ttRRL
S+;J2.8@
M =xm1
_9`Lj.EM
M)6qB`N
uU@d_0
M%9Lt9
(c ]!P[?
HXhv?F
b,$jUg
:Pg2,"
b"W%Rs
5[Q[3O
Euu{B)F)
YHdg<m
JrZS9u
f1dd7
o.<'w`
4_` 0N
}k=&y$]s
GYc7i<t
j;V[aFG
^1P??C
84Fk+xX
np|Ul3
oHJ[$!1
@000 (
?s8g*|
zY9sfk
fZi+5Q
T:N$s7
]7Pf,z:
|>F,F0F4
4O0x4|
+B{DvH
lu'Iy/
-VZ`}+,
-,_\wq^s
zFtlZ`Th
GfHA.
V%T0y
y@`/ (
84fZ<uM
.Z,ymr
C;\)-p
D7r@SA
X#VXCw7
.;AC}u
iO,_&0d4
>-``x
B(@U$IZ6
XV@[K,%<
CdF4G S
ar.fw)W
"t|<%tx<'tt
p<&tl<!th<otd<
]t`<[t\<\tX<
tP<_tL<
QxIZf-
KkwDJ@4
t'HuFo]
fJ!FxB
k(CmN_
X9EE|6
M"3t[a"tz
&!UZ"x"
`wq34&
5^T:86t;
%uJ2#_
V*qFG`
@KXlY*
TB[v^')
88vY=h
=t-fW
3.+Tn+i
jxK0lDP
<7 <2ox
NK+-\i`u5?S
"=yxFAb
$] ,m`
@&1$=I
uq2/D\
\!+HzI
uA,0P'@
:0@PSSA>K
gH8~P'4c
RDSD\<V
Wg3d&
:.AO'@}!w |
uF^Fn!@)
9h"m /
fbSeu*bRWm
*$0%r
*- oWO
9V^6rv
UQK ;;z
@t{.{0
5ANURC
-Q+/^
3$- \X^#
DP;GLu
\\`dh-
}R~(:m
>r[1Lm;
%hNmi4H
&KMFC1@
/iZd f
(k,`m0
q~V+(9
y07>EL
]v32Cu
#5Aa8[
:u7eQ_S
SI)&}.tC
05V<%/(
F}3^F!!
B-"1Q/
-\RKVi
40$$<&<
TPSXX8
M@#LL`
ez@Ss0
B],F?E
rtbAtYatTStK
stFHt<ht7Nt+
@R0`Et
<GvH@@
-Sa5rx
;:$U#x
NV@P+hcR
1-IAah
2Ap\c3
EP!Jc%
PO_Po
@WmPc3
fHPF"!
'BQ/zD
BI6\HX(8
q*M|E-lUu$r$
Fi_t@.O
((,,0S+L40c
6BErxBwp
?9w`A'
<Msssw
M\f/)h
8< 0EB(
#@m8 -5H
L.Sj&SFj
[E'[VU
g\"7j,_
K7BI'C
"sBj;8
P!,5Q
5%$GSF0
D-`9NW$
+0S9"8
+l?-I&
J;{t--
,T@@3`
SBjW7(
jlA#L(
+PW+SR
$H80u=
I#CxY4Ec0a
YxpC6o4
v$Ag40]
={tGUQ
Dhp(WA
0TJ_iN
.L.X.d.t
S@A!E-[@H
BvY#f;
j@HjZ
"-~0tU
J}KZ`Y
;,t"F4"
syN2cD4DtN
vI=&=u
@p)ZHRM
Q0@ 730
J'Qhp7
b\9V $
|E(t0$
5e,0Bv
=KuG=L
Ho`+1|
+IvJ@:1
g`jNBG4>h%i
{C}K42
t|WVSx
avvRtM
w/lI-R/
+A-98U
&9Byyc
PWq#l
4uzHFK
K.p" x}|
A!4X(E
9<tLIZ
X0P:E]
@6M;$F
@@g$xv
u"kM"<
41(q]
tQZ\&Ge
DG`$,T
47P4H##
T*W`DX0
/Ha0&{Bz
Sw*$Cr
4ls_0p
`s5+X6
F*"14j-
&*?<W8
rVu6am`
aPQ7dd
zcE."i
j.YTEGH8I
G(4N]'
DULmTt
RyP$(8<_I
Ghple<
tLR])y
v@`I1H@p
h^TC02
$h!Qu
[3QLh'
- [`By
:k}oSq
G,-`$>cfY_u
,*Yb$t
JzK]"m'
Vqy)Mm
]1(qUW'
G$3P'}
^_]O1 3
j=oj|.g!X
(ZSQ:
Pt"0P5
2P@O!P5
RR.uq
P-RIB@G
#*WV-M^>
Hp[fk.
.=)ZQPRu
L7O8^8
IJ%\9*
7B?aO(
3P0sTP;-
^#[7qK
uS9q4uNu
HtZc2LG
4qM`WR-n
GXQ7:0
;GB?Q:
wfHlI!
~dTcKa
7TJ~uw
clWuw)
gdM|@
T+eByw
,m'HDhe@
\+G<+W@
SyhFy+
=D19X(
0L@wU~
G0S+Hk
/@t0/v
R)0|p
]Zha:P
0oun.[W<
S<S$s _R
8ZBbbwq
-6 |RT
uC,`<d
" sSgWh
"Grt>`
vX4d:H
hLTC[
ef(M"X)
C_*5=zs
A0i63[j
urF U1K
@ke^VB
GBX5W
u9mhad
)?-{,/
C3MPTN
h|D"\Yt
SSCZf;
G\OX2ew/
I#7uB}]
]B7PyM
+h'Rz;=
Df0R];
@3?'ct+
mM4n.r
]b2I)
2G<=%ZS
M;+Iy2
@(T6y
_YPpbu'
-jO jH
L@gM/[A
'I Dc;
,L@Nt3
Gt-Ot$
A%1{t(l-
{W32C>{
4!pSj.C6V
@;_!h+
*_E!8[r
2 P|+
.B,YNj4
*n'gL[
GRpKf,
900"q#
!t?:X8
dfh_lf
_m8(?[@
0ZkukB
:nxJ4
`kWy_K
ZxKrCcD
a;-%`wg
px]Ut+<
<I5ho%?w[
?|(~10K@QEF
Z(:t;I
=}'vq!t=5
)sjtl`
cN!gWQ7
,<$]@6!
@@$sia
X6P6SW
-iGf+!
!+JqGJ
mS=+ZvC
N>M(TE
C976.v
*Y2- r
XJSh>$oA+Xs
VLs]xW
tEb t@
F<])&Q\2h
mq/fks
6Ix+(v
^(9}uJ
B:[j-_2
r p@uN
fzhvx,
4Rj >`hO
>DWSuBwM
(]$Pmi
LBh\A
!;~> 2
]uNR-%
W[Mi;}
-t|dt,
w"aIv8
'YN/q/
G4F;y,}#
GH;OD>w
\>H~CAC
c\E%`KD
YPj`G3
qEX,h(
C"(;C,
oM"udr
pil|.'+
tb(NSi
iP4w`T
`[g0;2{TA
Kxow@8M;
<pq[yK
yE@pHN
DL\BZi
h 85"j'
)u#/:VE
p;EBe4
7}3f|u
N.d<"`
d3-&,9
3p{,x4X
LZ|_(mL
|\Cp*P
@t(`t"
s.;|r)
AQ$|/;
INiG@:$
%<!j,Vt Fy
=)QMz@
Hjvb.
DNv'.[>
tS6tN.t
It<#t-
M-(p)~Hu
u%,phl
VCI.H[
5I^@q.
^AM5=-
"lf=-ReT
ukvwh~xx
03*=mJ
0h*x`spY&
*WuBO*
bad allocationm
CorExi
tPrResD
:known ex
v('Ja^
Dec_uTygr
PMM/dd
,HH:mm:
co[;r#
,aTKOPQ
RSTUVWXYZ[\]^_`abcdefghijklm
vwxyz{|}~
GetValu
p,.dStackG
FeW5poolTimf
.,When
P483o2/
9|}'ak
^mWgs0X
<NgS3G
7TnOBS;
(null)
10&sinh?os
0_c_hy
1nPb'n6
B#On'$_
{'Gn'`G
sobQA0
]vQ<)8
74>U".
P!?Ua0
y1~?|"
?x+s7
k>? #J
O=o;:8o
7643'
1o0.-+
Nno*)'&rr;
o$#!
yyxw'''
vovuttNNNn?srqq
Npooon99
m?llkrrr;jojih
vg?gfe
ba?`_'
_^]o]\Nn''[Z?ZY
NNNXWWoV
UUT?Sr;99RRQoP
vrrPON?M
?5Od%
>,'1B
/pg)([|X>
G~U`K
r7Yr7]
&?~YK|
Bfe9?0
CqTR;?
<8bunz8r
m1WY$?]
<@En[v
uHfD#o
|'^\O~K
l,kgON
?Dj0Q:W~
o^w7H-
D>V:e:
5SmT4^
ZEM-'^
^\sY0:Rp
@~7Z8>
fe')lW
|u?!u$
d? cf>
\jVa?\
>?>JN.
r?>?\ '
22>?>$#
L #?>?
dd?=dd"
@F??=H
F=J43.
vuZEeu
bu?P/Y
#(+0,8-
9r@/H6P7X8
#G`9h>p?
9,!8"D#P$
#\%h&t'
4;@>L?X@#G
dApC|D
V$W0Z@e
#GPk`lp
><CHk`
l#,e@*8l6#
9rPL`.\sH
9r6-Lrx1Xx
|W _Tb
onnpv
Np_r/r
}?yS&v
;?-rR'
r/h_*L
KbO.pP
NgRWFR
rRo-mG
.vE&tTA
rwsm_M
/fngPi1L0cP
VKgssg
7Y6'B_O
GAU7/k
vmB_P/Q
krm/qs
kklino
ock?j
~huGup"-$Gp
~gvw/d
&veWindowLas@nt
Y:/(A6_
<i9_/T|
\$gNRE\
`~A%My
<TX\`d
__base
c\&pcalstd
hrGeabi
NrerictunJign
xlete}c
peratorJ
`tyRof$&lo( s
c gvdX
&u&''K
6KN.pyQ`u
::x:/CA0U
6$1#SNAN
Gy*?n/
wlfOPS
F7{qHl
C;`[[[
p!SKGRA
]_%QaF
)('+R+
+'G[?r%
_`ZbnE
rhijA
Pe\QewX
j[??@%
[ZJ~!\
~+*/](
77?o?/?
dYYYY?
+NNNN++++
mo$O$$?
/o//_.
''''33
Z?Z/ZO
v;\\O\\
E?E/EOE?MN
0o0_0_0n
vC?o&[_
[[/OV?VW
?G/Ga
M_WW/W
vrMMORR
vT_T?Td
Nn#do__/_
cOc?9r
6_ee?>
t3UGVLBM
&!KyN
+~"XT]
5c\oFIx
]ZoW 40
=GADcS+?
=ajk7F
GoSXP\P
oTGGjO
Qhmps7_m%V
G3(Zmm'
Eo''K
m&C/xi
7''tcG
AO76RA\
K?r=\m
/+'R[M_/
sg^bWV
Zjhkm
pL6FkK
dST&xOS
koyVrGgMRt
3_WJbg
+F[`l/'
8Z[7*6sG
O_START_OPT)IMI
MATC'
RECURSION'CRRL
$@y}Er
mpil2AutoIt
&seBerPp
(Xjvsupport@ahit
mCy&^;
NFaTVkB{
;&Jt?\
Lb#|c\
pi3O;[
&_W_r&
sWow64
kernel32.dllE
tnRegi
wG_Wb
Go s:&*/
Revert
ModuleHandl5
NNNmYj
advapi
b#S.#1Z
POZa1G6
V_wErrW
DEFINEUNICODE
HENoXOv
ciBlan
<in {(
} quantifiKzo
b:?miss(
bhBpty
:zZjc}
.rPOSIX
wiu2G`M5
B`t(s"
> 255v
^J^L
>= 0xd8
MrEgyp
~NkRNl
;Mmo><*/
Vietkl
Telv@+&
psspucw
LOB]BoQ
#98&rO
@@7/Eam
/!5AC
vPgR/S
l/mV p
$,8^@H
Ixx@o
$--%"!'
4<DLT\<
$4@L`py
<$08@L
\R?u;]4vI
7s.ak[bS
Sk?KwHK
GObglXI
eODS|<
'Wc"Vm
?sw";f!
0.VMKr:g
s5Tpqn
{o7#i&
sOrKe`
]C+e_/r
c%X?'q.u
Ep*7*+
HK]kv5Q
f+x+i$Zas
K3X0@
v05;cc
Heap7b
MultiByteToWide
r)DivaVrK
LoadAL
&0'hYc
olhelp32S:pho
ttW!N
s@ Py3
6`\o{&
-Lab";
b9TngTt)
,WX(w
mAUIc:
#-l^Arc7C
mn/DC)
ct7-x#
etchBltI
z&CRl-2/
LSIDFr
[{Yg#5C3`
GqSub%
9G+eXi8
rp0Xpd
Ws%Box
Lw[m]X
NXeek,
FnL9#i
!g3
~T[SS}
?/8!3o9rJ>w
?lNO>
0$f@gt"
$4C-_@
#^=0KJ
##@,&,//,))
X*TN&"
ZO\+V'1
66r[w.*'&+
E(R,t3Z
-:/&'l
0GxQ,Bp
3(-,'')-*/%'+
H%d=j@
xohx#-
3-@-#32
&#10.C
b,!d,ZG
,&Y18(
4H85L"
?'@-DN
7//22X
"0&$Nl
}9D^AR
.textt
XPTPSW
DYk53+
^{-fgg
&"MDZ)
<nfnq0
yDsssX]]%k-
337X2m
9@sssX__
RP}&afVJ)
MRJaqq
6"3 ,DD
,SU)HL
9, 04\
kvn]+*
EQNGMD
mM@+dn
F%l\uG
hb)yS2
]xn1cz
2^dDddd
Q$uwMY
yakhaD
>;SP`(
SGDBYE
W~(($2
Q[6bj5G
j:e03E
/%R.tu
(*R>o@k
Yk#em&
###dY&"B
eaaA&&&DD
&oTK5C+
QE}Ad-
&l\w>K
u+333h
D"e1ZR
[^{5{^
\|=\|54
IDATSXT
YXHa|B
g@D4"
)X_@~/
/FJb/D
<~J9Es&
3"%nv`
zoNC`0e\AT8
>O`GaE{y
njK+vB
Rn[]9_
C+*y2
rY55h`b8
BhFNA$
IV{9w,
zPPfdj
?OI@-e,
10fjZ2
1+?5wb
05-#xV
[|{.&`
Fyi1LJ
@JIJ)U,
Tza).,
^2+I?Sy
HAP,eTJh(
b[y$nj
Sh;?es
0Vfssb
?]sC<o
eIDF)e
YCccc~~[8
-OABDM?p
p!zzzP
^tD?V6#<
(r3"*I
el}2u
KM3}>'
OfW_}5
%|J6mK
gv*MRJ
c]z| e U$
j=RJxT
H}AU3!EA06M
XOg;Mm
.Wg^wt
l#%1Px
2|~}hj
~3Dc9/|
Q N*~:(
xDI1!Lw
b]/AU3!EA06PA
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df"/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
</application>
</compatibility>
</assembly>
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
COMDLG32.dll
GDI32.dll
IPHLPAPI.DLL
MPR.dll
ole32.dll
OLEAUT32.dll
PSAPI.DLL
SHELL32.dll
USER32.dll
USERENV.dll
UxTheme.dll
VERSION.dll
WININET.dll
WINMM.dll
WSOCK32.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
AddAce
ImageList_Remove
GetSaveFileNameW
LineTo
IcmpSendEcho
WNetUseConnectionW
CoGetObject
GetProcessMemoryInfo
DragFinish
LoadUserProfileW
IsThemeActive
VerQueryValueW
FtpOpenFileW
timeGetTime
SCRIPT
VS_VERSION_INFO
StringFileInfo
080904B0
VarFileInfo
Translation
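Antivirus Signature
Note: "Clean" means the engine reported no detection for this file; it is not a finding that the file is benign. Family names differ between vendors (Zenlod, Nymeria, AutoIt downloader), so treat them as vendor labels rather than a confirmed family.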
Bkav Clean
Lionic Trojan.Win32.Zenlod.a!c
Elastic malicious (high confidence)
MicroWorld-eScan AIT:Trojan.Nymeria.4901
FireEye AIT:Trojan.Nymeria.4901
CAT-QuickHeal Clean
McAfee Artemis!73DB2B58503E
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Zenlod.lcz
CrowdStrike win/malicious_confidence_60% (W)
BitDefender AIT:Trojan.Nymeria.4901
K7GW Trojan-Downloader ( 005817c31 )
K7AntiVirus Trojan-Downloader ( 005817c31 )
Arcabit Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win32/TrojanDownloader.Autoit.PEK
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Trojan-Downloader.Win32.Zenlod.lcz
Alibaba TrojanDownloader:Win32/Zenlod.23fc2978
NANO-Antivirus Clean
ViRobot Clean
Tencent Win32.Trojan.Heur.Aish
Ad-Aware AIT:Trojan.Nymeria.4901
TACHYON Clean
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.TrojanAitInject.hc
CMC Clean
Emsisoft AIT:Trojan.Nymeria.4901 (B)
SentinelOne Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Win32.TrojDownloader.Zenlod.l.(kcloud)
Gridinsoft Clean
Microsoft Trojan:Script/Phonzy.C!ml
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData AIT:Trojan.Nymeria.4901 (3x)
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac AIT:Trojan.Nymeria.4901
MAX malware (ai score=80)
Malwarebytes Malware.AI.214323910
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Trojan-Downloader.Win32.AutoIt
eGambit Unsafe.AI_Score_99%
Fortinet W32/Autoit.PEK!tr
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
MaxSecure Clean
No IRMA results available.