Static | ZeroBOX

PE Compile Time

2021-09-06 16:24:49

PE Imphash

fa91405d30e4548924d9a2da4a39197c

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x0000014a | 0x00000200 | 3.32835883226 |
| .rdata | 0x00002000 | 0x00000712 | 0x00000800 | 4.30963605062 |
| .data | 0x00003000 | 0x00000440 | 0x00000600 | 5.17745987523 |
| .rsrc | 0x00004000 | 0x000001e0 | 0x00000200 | 4.70150325825 |
| .reloc | 0x00005000 | 0x00000064 | 0x00000200 | 1.43853970045 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_MANIFEST | 0x00004060 | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML 1.0 document text |

Imports

Library KERNEL32.dll:
0x402014 VirtualAlloc
0x402018 VirtualProtect
Library MPR.dll:
0x40203c WNetAddConnection3A
0x402048 WNetAddConnection2W
Library MSVFW32.dll:
0x402078 DrawDibRealize
0x40207c ICImageDecompress
0x402080 DrawDibEnd
Library AVIFIL32.dll:
0x402004 AVIStreamFindSample
0x402008 AVIStreamRelease
0x40200c EditStreamClone
Library SHELL32.dll:
0x402098 SHGetDesktopFolder
0x40209c ShellExecuteW
0x4020a0 ExtractIconEx
Library MSACM32.dll:
0x402050 acmDriverAddA
0x402054 acmFormatSuggest
0x402058 acmFormatEnumA
0x40205c acmDriverDetailsA
0x402060 acmFormatDetailsW
0x402064 XRegThunkEntry
0x402068 acmFormatTagEnumA
0x40206c acmStreamMessage
0x402070 acmFormatDetailsA
Library mscms.dll:
0x4020b0 TranslateBitmapBits
0x4020b4 GetCMMInfo
Library msi.dll:
0x4020c0 None
0x4020c4 None
0x4020c8 None
0x4020cc None
0x4020d0 None
0x4020d4 None
Library MAPI32.dll:
0x402020 None
0x402024 None
0x402028 None
0x40202c None
Library SETUPAPI.dll:
Library USER32.dll:
0x4020a8 MessageBoxW

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.d16088a5dce52983
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
VIPRE Lookslike.Win32.Sirefef.c!ag (v)
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason malicious.8f9c55
Baidu Clean
Cyren Clean
Symantec Clean
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FVU
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Trojan.Win64.Injects
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Ikarus Clean
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.34126.auW@aOt23Bhi
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.90 (RDML:QitSBVLx5WW+JL7snoY5eA)
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Clean
Fortinet Clean
Webroot Clean
AVG Win32:MalwareX-gen [Trj]
Avast Win32:MalwareX-gen [Trj]
CrowdStrike win/malicious_confidence_70% (D)
No IRMA results available.