Static | ZeroBOX

PE Compile Time

2021-09-09 16:31:28

PE Imphash

f0cc030bb7973df4137d34f314ff314a

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00001ac6    0x00001c00        4.31934504774
.rdata  0x00003000       0x00000774    0x00000800        4.59334237045
.data   0x00004000       0x00000514    0x00000600        5.51995318837
.00cfg  0x00005000       0x00000004    0x00000200        0.0611628522412
.rsrc   0x00006000       0x000012f8    0x00001400        4.74635893501
.reloc  0x00008000       0x000005ac    0x00000600        6.51471399743

Resources

Name           Offset      Size        Language      Sub-language        File type
RT_ICON        0x00006238  0x000010a8  LANG_ENGLISH  SUBLANG_ENGLISH_US  dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_GROUP_ICON  0x000072e0  0x00000014  LANG_ENGLISH  SUBLANG_ENGLISH_US  data
RT_MANIFEST    0x000060f0  0x00000143  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document, ASCII text

Imports

Library MSWSOCK.dll:
0x403408 EnumProtocolsW
0x40340c GetAddressByNameW
0x403410 GetNameByTypeW
0x403414 GetServiceW
0x403418 GetTypeByNameW
0x40341c dn_expand
0x403420 getnetbyname
0x403424 inet_network
0x403428 s_perror
Library wsnmp32.dll:
0x403430 None
0x403434 None
0x403438 None
0x40343c None
0x403440 None
0x403444 None
0x403448 None
0x40344c None
Library ODBC32.dll:
0x403454 CollectODBCPerfData
0x403458 CursorLibLockDesc
0x40345c None
0x403460 None
0x403464 None
0x403468 None
0x40346c None
Library WINMM.dll:
0x403474 joyGetNumDevs
0x403478 midiConnect
0x40347c midiInGetErrorTextW
0x403480 midiOutLongMsg
0x403484 mixerGetID
Library AVIFIL32.dll:
0x403498 AVIStreamInfo
Library MSVFW32.dll:
0x4034a4 ICInfo
Library MPR.dll:
0x4034b0 WNetEnumResourceW
0x4034bc WNetGetUserA
Library KERNEL32.dll:
0x4034c4 VirtualProtect
Library USER32.dll:
0x4034cc GetDC
0x4034d0 GrayStringA
0x4034d4 MessageBoxA

!This program cannot be run in DOS mode.$
`.rdata
@.data
.00cfg
@.rsrc
@.reloc
EnumProtocolsW
GetAddressByNameW
GetNameByTypeW
GetServiceW
GetTypeByNameW
dn_expand
getnetbyname
inet_network
s_perror
CollectODBCPerfData
CursorLibLockDesc
joyGetNumDevs
midiConnect
midiInGetErrorTextW
midiOutLongMsg
mixerGetID
waveOutGetErrorTextA
AVIFileCreateStreamA
AVIStreamGetFrameOpen
AVIStreamInfo
AVIStreamTimeToSample
ICInfo
WNetConnectionDialog1W
WNetEnumResourceW
WNetGetProviderNameA
WNetGetResourceInformationA
WNetGetUserA
VirtualProtect
GrayStringA
MessageBoxA
MSWSOCK.dll
wsnmp32.dll
ODBC32.dll
WINMM.dll
AVIFIL32.dll
MSVFW32.dll
MPR.dll
KERNEL32.dll
USER32.dll
SVWjuXjrZjlYjmf
Xj.[jd_jh^jzf
ju^jgXjef
YjmXjAf
<?xml version="1.0" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1"
manifestVersion="1.0">
<trustInfo>
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false'/>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee RDN/Generic.grp
Cylance Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Gen:Variant.Razy.921709
K7GW Clean
CrowdStrike win/malicious_confidence_70% (W)
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Agent.FWI
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky Backdoor.Win32.Remcos.tth
Alibaba Backdoor:Win32/Remcos.a995b80d
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Variant.Razy.921709
Rising Trojan.Generic@ML.80 (RDML:lv00IVAK+STScp+QI22yaw)
Ad-Aware Gen:Variant.Razy.921709
Emsisoft Gen:Variant.Razy.921709 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Emotet.lm
FireEye Generic.mg.09abff7fd37311b3
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Variant.Razy.921709
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
MAX malware (ai score=86)
Antiy-AVL Clean
Kingsoft Win32.Hack.Remcos.t.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Razy.DE106D
ViRobot Clean
ZoneAlarm Backdoor.Win32.Remcos.tth
Microsoft Trojan:Win32/Tnega.VAM!MTB
AhnLab-V3 Trojan/Win.Tnega.C4628818
Acronis Clean
VBA32 BScope.Trojan.Injects
ALYac Gen:Variant.Razy.921709
TACHYON Clean
Malwarebytes Clean
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan-downloader.Agent.Hfn
Yandex Clean
Ikarus Win32.Outbreak
MaxSecure Clean
Fortinet W32/Agent.FWI!tr.dldr
BitDefenderTheta Gen:NN.ZexaCO.34142.byW@a8DwyUei
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
No IRMA results available.