Static | ZeroBOX

PE Compile Time

2021-09-06 09:40:13

PE Imphash

1f83362a57e6d6a2f15132c167d7f42c

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x000000d2    0x00000200        2.48045095804
.rdata  0x00002000       0x0000045c    0x00000600        3.56882948045
.data   0x00003000       0x00000425    0x00000600        5.10481648085
.rsrc   0x00004000       0x00027bf8    0x00027c00        5.05491240715
.reloc  0x0002c000       0x0000003c    0x00000200        0.826129241838

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_ICON        0x0002b598  0x00000468  LANG_ENGLISH  SUBLANG_ENGLISH_US  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x0002ba00  0x00000076  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST    0x0002ba78  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library KERNEL32.dll:
0x402010 WriteFile
0x402018 VirtualAlloc
0x40201c VirtualProtect
Library MPR.dll:
0x402028 WNetUseConnectionA
0x402030 WNetGetLastErrorA
0x402034 WNetAddConnection3W
Library WINSPOOL.DRV:
0x402048 EnumMonitorsW
0x40204c None
0x402058 EnumPortsA
0x40205c GetJobW
0x402060 AddPortA
Library GDI32.dll:
0x402000 ExtEscape
0x402004 Escape
0x402008 SetMapperFlags
Library msi.dll:
0x402068 None
0x40206c None
0x402070 None
Library USER32.dll:
0x402040 MessageBoxW

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
GetFileInformationByHandle
FileTimeToSystemTime
WriteFile
VirtualProtect
VirtualAlloc
KERNEL32.dll
WNetAddConnection3W
WNetGetLastErrorA
WNetCancelConnection2W
WNetUseConnectionA
WNetGetUniversalNameA
MPR.dll
AddPortA
EnumPortsA
FindNextPrinterChangeNotification
GetJobW
GetPrintProcessorDirectoryA
EnumMonitorsW
WINSPOOL.DRV
ExtEscape
SetMapperFlags
Escape
GDI32.dll
msi.dll
MessageBoxW
USER32.dll
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Convagent.4!c
Elastic Clean
MicroWorld-eScan Clean
FireEye Generic.mg.04980596d6695116
CAT-QuickHeal Clean
ALYac Spyware.LokiBot
Cylance Unsafe
VIPRE Lookslike.Win32.Sirefef.c!ag (v)
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Gen:NN.ZexaF.34126.kuW@am8F78mi
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FVT
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky VHO:Backdoor.Win32.Androm.utsr
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@ML.94 (RDML:4uzG9cMK7z0mk7kpKzyjTw)
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader42.26571
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!PUP
CMC Clean
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Clean
Jiangmin Clean
Webroot Clean
Avira TR/Dropper.Gen2
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm not-a-virus:HEUR:NetTool.Win32.Generic
Microsoft Trojan:Win32/Kryptik!MSR
Cynet Malicious (score: 99)
AhnLab-V3 Clean
Acronis suspicious
McAfee Artemis!04980596D669
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet W32/Agent.FVT!tr.dldr
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike Clean
MaxSecure Clean
No IRMA results available.