Static | ZeroBOX

PE Compile Time

2014-11-06 23:28:08

PE Imphash

b35907c8152cbadddd8bc306abc4b99c

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000125a4 0x00013000 6.21330369595
.data 0x00014000 0x00000a34 0x00001000 0.0
.rsrc 0x00015000 0x000023a0 0x00003000 3.34169901116

Resources

Name Offset Size Language Sub-language File type
CUSTOM 0x00015668 0x000008be LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
CUSTOM 0x00015668 0x000008be LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
CUSTOM 0x00015668 0x000008be LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
CUSTOM 0x00015668 0x000008be LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel
RT_ICON 0x00015540 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0001552c 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x000151d0 0x0000035c LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaFreeVar
0x40100c __vbaStrVarMove
0x401010 __vbaFreeVarList
0x401014 _adj_fdiv_m64
0x401018 __vbaFreeObjList
0x40101c _adj_fprem1
0x401020 __vbaStrCat
0x401024 __vbaSetSystemError
0x40102c _adj_fdiv_m32
0x401030 None
0x401034 __vbaAryVar
0x401038 __vbaAryDestruct
0x40103c None
0x401040 __vbaObjSet
0x401044 None
0x401048 _adj_fdiv_m16i
0x40104c None
0x401050 __vbaObjSetAddref
0x401054 _adj_fdivr_m16i
0x401058 None
0x40105c None
0x401060 None
0x401064 __vbaFpR8
0x401068 _CIsin
0x40106c __vbaChkstk
0x401070 EVENT_SINK_AddRef
0x401078 __vbaStrCmp
0x40107c __vbaAryConstruct2
0x401080 DllFunctionCall
0x401084 _adj_fpatan
0x401088 None
0x40108c EVENT_SINK_Release
0x401090 _CIsqrt
0x401098 __vbaExceptHandler
0x40109c None
0x4010a0 _adj_fprem
0x4010a4 _adj_fdivr_m64
0x4010a8 __vbaVarErrI4
0x4010ac __vbaI2Str
0x4010b0 __vbaFPException
0x4010b4 _CIlog
0x4010b8 None
0x4010bc __vbaErrorOverflow
0x4010c0 __vbaNew2
0x4010c4 None
0x4010c8 _adj_fdiv_m32i
0x4010cc None
0x4010d0 _adj_fdivr_m32i
0x4010d4 __vbaStrCopy
0x4010d8 __vbaFreeStrList
0x4010dc _adj_fdivr_m32
0x4010e0 None
0x4010e4 _adj_fdiv_r
0x4010e8 None
0x4010ec __vbaStrToAnsi
0x4010f0 None
0x4010f4 None
0x4010f8 __vbaFpI4
0x4010fc _CIatan
0x401100 __vbaStrMove
0x401104 __vbaAryCopy
0x401108 _allmul
0x40110c _CItan
0x401110 _CIexp
0x401114 __vbaFreeObj
0x401118 __vbaFreeStr

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
beauin
!36`+R
)hQ3,'
x-x4Qy
1h:Fj3
:!Ov8~
:!xb%
D%,Lr4
D%,Lr4
rl*nuW
X8!GX<
x-,_C
>aCUIc
6JR9y6n
\7GN.~
QVw"ok
L"b!Do
ms\&i=
(4C/,3-8
i"oA0_?
: gXzy
0v]Wy!
=qHHjD
VB5!6&*
Microsoft Teams
beauin
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
kernel32
FindClose
advapi32.dll
CryptGetProvParam
shlwapi.dll
PathStripToRootA
wsock32.dll
WSAIsBlocking
GetFileAttributesA
REELERS
Ungdomsarbejdslsheders
VBA6.DLL
__vbaAryVar
__vbaAryCopy
__vbaFpI4
__vbaI2Str
__vbaStrCat
__vbaStrCmp
__vbaErrorOverflow
__vbaFreeStr
__vbaAryDestruct
__vbaFreeObjList
__vbaFreeVarList
__vbaObjSetAddref
__vbaFreeStrList
__vbaSetSystemError
__vbaStrCopy
__vbaStrToAnsi
__vbaObjSet
__vbaFpR8
__vbaGenerateBoundsError
__vbaStrVarMove
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaStrMove
__vbaFreeVar
__vbaVarErrI4
__vbaAryConstruct2
JhtnmJh
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaVarErrI4
__vbaI2Str
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
__vbaAryCopy
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
!#%%'++,-0
0:874'
%++,-00177
,,-1147788
'0147788:88
14778888441
-888:8744-
::874410%
74110-
:87110
#+''%#!!!
#+-0-,+! #
77400,%!!
--+'#!
8:71-+%
+710,'
uSuttRKKQRRtyRRuuuuuz
zRRRuuttSLSSSKKKKJL
XRRuSuzzz
RRRRSRLuuuuSKC
CKRKDJJKRSzzzz
tKLRSLKzzzuSKC
JRKKKLLKDKSzzzy
KKLRKKzzzuuL"
zRKJKRzzt
KKKKKKuzLKSML"KRLKL
uSRKKKtzztsDDJKLLzzRLLLLDRLLKDKuuuRRQKKz
DKKLKzzzzuEERR$$LLtuRRLRRQKt
KLKKKzzzzu""tR#$KKLLLKRSRRKKzJ
DKLLLKzzzzK"CyLEDDKLRRttSRRKKtJ
DKKLLKuSSL#
JzLK##KttutLutRRKRDCEKEKLL##"""
st%DKLLtutL
uLRLLDELLLKKL
"yL%KLu
uRLKLLLLKKKED"
"tL%$$u
uuRKRuuLKEEDDR)""#*R$$$#L
uuSSSz
uKtuuLLKDDKSS+$##tK$$#LuSMLMSu
KtuMLEKKLLRL#"
"yK#""KSSLEELLu
KJLuLDDDKL#"
JR"""#LLE##"#KSzuCCLtLDDDDK
#K""#$L$$##EKLuuK
DLECDDDD"#"""#)""""""#EEDKLtK
RRLL****KJJD#"""""#D"
CS+*))K**KKKKKKJJKJD
RR+#"#*"#JJJKQK
SS+#""K"
""DDJJDC
"""CDDCC
""#DDDDD
"#JJJD
"#JJD"""""C
"""#J#""""""C
""DD"""
q"C:\Progra
PRESIGNIFICANCY
Radiomodtagningen3
marmoromkrans
CUSTOM
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
Comments
Microsoft Teams
CompanyName
Microsoft Corporation
FileDescription
Microsoft Teams
LegalCopyright
Microsoft Corporation
LegalTrademarks
ProductName
Microsoft Teams
FileVersion
1.09.0032
ProductVersion
1.09.0032
InternalName
Microsoft Teams
OriginalFilename
Microsoft Teams
Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.973c74057f1054e0
CAT-QuickHeal Clean
McAfee GuLoader-FCYD!973C74057F10
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZevbaCO.34126.gm0@a83rcGei
Cyren Clean
ESET-NOD32 a variant of Win32/GenKryptik.FJYE
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Trojan:Win32/GenKryptik.c82dfb97
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Fareit.nm
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft PWS:Win32/Fareit!ml
Cynet Clean
AhnLab-V3 Trojan/Win.Sabsik.C4622888
Acronis Clean
VBA32 Clean
MAX Clean
Malwarebytes Malware.AI.3279143673
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Trojan.Win32.Krypt
eGambit Unsafe.AI_Score_100%
Fortinet W32/GenKryptik.FJYE!tr
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
CrowdStrike win/malicious_confidence_90% (W)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.