Static | ZeroBOX

PE Compile Time

2021-09-07 08:08:48

PE Imphash

0162c0d4b083e9259ae3a5f11034f58d

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00000c40    0x00000e00        4.45896632252
.rdata  0x00002000       0x0000054a    0x00000600        4.28545070113
.data   0x00003000       0x00000437    0x00000600        5.15824745633
.rsrc   0x00004000       0x000001e0    0x00000200        4.70150325825
.reloc  0x00005000       0x00000040    0x00000200        0.933534643019

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00004060  0x0000017d  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document text

Imports

Library WININET.dll:
0x402050 FtpRemoveDirectoryW
0x402054 InternetGoOnline
Library MSACM32.dll:
0x40201c acmDriverMessage
0x402020 acmFilterEnumW
Library RESUTILS.dll:
Library urlmon.dll:
0x402068 URLDownloadToFileW
0x402070 Extract
0x402078 URLOpenPullStreamW
Library COMDLG32.dll:
0x402000 GetOpenFileNameA
0x402004 GetOpenFileNameW
0x402008 ReplaceTextA
0x40200c ChooseColorW
0x402010 FindTextW
0x402014 FindTextA
Library ole32.dll:
0x402060 CoInstall

Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.920134
FireEye Generic.mg.d1afdf5f45a0fe6b
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Razy.920134
K7GW Clean
Cybereason malicious.a81db0
BitDefenderTheta Gen:NN.ZexaF.34126.auW@aCXg6nei
Cyren W32/Trojan.ELIG-5001
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FVZ
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky VHO:Trojan.Win64.Convagent.gen
Alibaba Clean
NANO-Antivirus Virus.Win32.Gen.ccmw
ViRobot Clean
Tencent Clean
Ad-Aware Gen:Variant.Razy.920134
Emsisoft Gen:Variant.Razy.920134 (B)
Baidu Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Razy.920134
Jiangmin Clean
MaxSecure Trojan.Malware.300983.susgen
Avira Clean
MAX malware (ai score=80)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Tnega.RVT!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
McAfee Clean
TACHYON Clean
VBA32 BScope.Trojan.Injects
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.85 (RDML:CWjK5OM8Br6eNWqPSvxMMA)
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet W32/Agent.FVZ!tr
Webroot Clean
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
CrowdStrike win/malicious_confidence_80% (D)
No IRMA results available.