Static | ZeroBOX

PE Compile Time

2021-08-16 16:13:07

PE Imphash

2e4ae81fc349a1616df79a6f5499743f

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x000106a6    0x00010800        6.78806166083
.rdata  0x00012000       0x00000358    0x00000400        4.08867372298
.data   0x00013000       0x00002138    0x00001000        7.57900984271
.rsrc   0x00016000       0x00000eb4    0x00001000        7.69687028382
.reloc  0x00017000       0x00000be8    0x00000c00        6.68061704998

Imports

Library gdi32.dll:
0x412030 SetPixel
0x412034 SelectPalette
0x412038 TextOutW
0x41203c SelectObject
0x412040 BitBlt
0x412044 GetTextMetricsW
0x412048 GetTextColor
0x41204c CreateFontW
0x412050 CreateDIBitmap
Library USER32.dll:
0x412018 GetMessageW
0x41201c EndDialog
0x412020 DefWindowProcW
0x412024 CreateWindowExW
0x412028 CreateMenu
Library KERNEL32.dll:
0x412000 GetProcAddress
0x412004 GetModuleHandleA
0x412008 GetLocaleInfoW
0x41200c GetCommandLineW
0x412010 FormatMessageW

Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Agent.j!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
ALYac Trojan.Ransom.Filecoder
Malwarebytes Malware.AI.2269706687
VIPRE Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Heur.Mint.Zard.25
K7GW Trojan ( 005811bc1 )
K7AntiVirus Trojan ( 005811bc1 )
Baidu Clean
Cyren W32/Ransom.IDEX-9229
Symantec Downloader
ESET-NOD32 a variant of Win32/Filecoder.BlackMatter.C
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan-Ransom.Win32.Encoder.nqg
Alibaba Ransom:Win32/BlackMatter.52106dd5
NANO-Antivirus Virus.Win32.Gen.ccmw
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Heur.Mint.Zard.25
Tencent Malware.Win32.Gencirc.11c9e56f
Ad-Aware Gen:Heur.Mint.Zard.25
Emsisoft Gen:Heur.Mint.Zard.25 (B)
Comodo Malware@#2sxlbnmiataa1
F-Secure Heuristic.HEUR/AGEN.1137758
DrWeb Trojan.Encoder.34313
Zillya Trojan.Encoder.Win32.2652
TrendMicro Ransom.Win32.BLACKMATTER.SMYXBHMT
McAfee-GW-Edition BehavesLike.Win32.Generic.lh
FireEye Generic.mg.18c7c940bc6a4e77
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Heur.Mint.Zard.25
Jiangmin Clean
Webroot W32.Ransom.Blackmatter
Avira HEUR/AGEN.1137758
MAX malware (ai score=85)
Antiy-AVL Trojan/Generic.ASMalwS.3477A08
Gridinsoft Ransom.Win32.AI.oa
Arcabit Trojan.Mint.Zard.25
ViRobot Clean
ZoneAlarm Trojan-Ransom.Win32.Encoder.nqg
Microsoft Ransom:Win32/BlackMatter.MAK!MTB
AhnLab-V3 Ransomware/Win.BlackMatter.C4575089
Acronis Clean
McAfee GenericRXPT-HJ!18C7C940BC6A
TACHYON Clean
VBA32 TScope.Malware-Cryptor.SB
Cylance Unsafe
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.90 (RDML:qyeJDApQr3Dfr2VT4pj7Hw)
Yandex Trojan.Encoder!tlTvXNFaIrI
Ikarus Trojan-Ransom.BlackMatter
eGambit Clean
Fortinet W32/BlackMatter.A!tr.ransom
BitDefenderTheta AI:Packer.528983E61E
AVG Win32:BlackMatter-C [Ransom]
Avast Win32:BlackMatter-C [Ransom]
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.