Static | ZeroBOX

PE Compile Time

2021-09-07 16:16:45

PE Imphash

5aac9416dafd435c25e06c0aaa4273a3

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000c7e 0x00000e00 4.5365504767
.rdata 0x00002000 0x000005fa 0x00000600 4.73161162686
.data 0x00003000 0x00000421 0x00000600 5.09991496345
.rsrc 0x00004000 0x000001e0 0x00000200 4.70150325825
.reloc 0x00005000 0x00000054 0x00000200 1.25734615418

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004060 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x402000 EnumResourceTypesA
Library RPCRT4.dll:
0x402008 RpcRevertToSelf
Library SETUPAPI.dll:
0x402024 SetupDiDrawMiniIcon
0x402028 SetupSetSourceListA
Library WSOCK32.dll:
0x402078 getsockname
0x40207c ord1114
0x402080 getprotobynumber
0x402084 getservbyname
0x402088 ord1110
0x40208c gethostbyaddr
0x402090 socket
0x402094 WSASetLastError
Library WINMM.dll:
0x402058 waveOutGetPosition
0x40205c mmioSetBuffer
0x402060 WOW32DriverCallback
0x402064 midiStreamPause
0x402068 midiInOpen
0x40206c mxd32Message
0x402070 joyGetDevCapsW
Library rtutils.dll:
0x40209c TraceDeregisterA
0x4020a0 RouterLogRegisterW
0x4020a4 TraceVprintfExW
0x4020a8 LogErrorW
Library WININET.dll:
0x402038 HttpSendRequestW
0x40204c InternetOpenUrlW
0x402050 DeleteIE3Cache
Library USER32.dll:
0x402030 MessageBoxW

<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.920134
FireEye Generic.mg.4f4126b538d7862b
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
Zillya Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Razy.920134
K7GW Clean
Cybereason malicious.fa1804
BitDefenderTheta Gen:NN.ZexaF.34126.auW@a8oJvyci
Cyren W32/Threat-HLLSI-based!Maximus
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Gen:Variant.Razy.920134
TACHYON Clean
Emsisoft Gen:Variant.Razy.920134 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Ikarus Clean
GData Gen:Variant.Razy.920134
Jiangmin Clean
eGambit Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Script/Phonzy.C!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
MAX malware (ai score=86)
VBA32 BScope.Trojan.Injects
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.83 (RDML:Sjzmfu2ZAy27Gdfpkb+aQA)
Yandex Clean
SentinelOne Static AI - Suspicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot Clean
Avast Clean
CrowdStrike win/malicious_confidence_90% (D)
No IRMA results available.