Static | ZeroBOX

PE Compile Time

2021-09-08 17:32:47

PDB Path

c                                          b

PE Imphash

0ff2683f34ebbb5dddc196a1ae798848

PEiD Signatures

Armadillo v1.71

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000c0a 0x00000e00 5.1945020327
.rdata 0x00002000 0x000009bd 0x00000a00 4.39793039574
.data 0x00003000 0x0000003c 0x00000200 0.0203931352361
.rsrc 0x00004000 0x000001b4 0x00000200 5.09797908882
.reloc 0x00005000 0x00000176 0x00000200 4.93297395132

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library SHLWAPI.dll:
0x4020bc StrCmpNW
0x4020c0 PathFileExistsW
0x4020c4 StrStrIW
Library MSVCRT.dll:
0x402074 _onexit
0x402078 __dllonexit
0x40207c _controlfp
0x402080 _except_handler3
0x402084 __set_app_type
0x402088 __p__fmode
0x40208c __p__commode
0x402090 _adjust_fdiv
0x402094 __setusermatherr
0x402098 _initterm
0x40209c __getmainargs
0x4020a0 _acmdln
0x4020a4 exit
0x4020a8 wcslen
0x4020ac wcscmp
0x4020b0 _XcptFilter
0x4020b4 _exit
Library KERNEL32.dll:
0x402020 GetStartupInfoA
0x402024 GetModuleHandleA
0x402028 CreateMutexA
0x40202c GetLastError
0x402030 ExitProcess
0x402034 GetModuleFileNameW
0x40203c CopyFileW
0x402040 CreateThread
0x402044 Sleep
0x402048 ExitThread
0x40204c SetFileAttributesW
0x402050 DeleteFileW
0x402054 HeapFree
0x402058 HeapAlloc
0x40205c GetProcessHeap
0x402060 lstrcpyW
0x402064 QueryDosDeviceW
0x402068 GetDriveTypeW
0x40206c GetLogicalDrives
Library USER32.dll:
0x4020cc wsprintfW
Library ADVAPI32.dll:
0x402000 RegSetValueExW
0x402004 RegQueryValueExW
0x402008 RegOpenKeyExW
0x40200c RegQueryInfoKeyW
0x402010 RegEnumValueW
0x402014 RegDeleteValueW
0x402018 RegCloseKey
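The PE Imphash and the section entropy values above can be re-derived rather than taken on trust, which matters here because PEiD reports Armadillo v1.71, a signature that is well known to fire on plain MSVC-built executables (the MSVCRT imports `__getmainargs`, `_except_handler3` and `__set_app_type` are the ordinary CRT start-up of such a build), while a .text entropy of 5.19 bits per byte is what unpacked compiled x86 code looks like; a packed or encrypted section sits near 7.5 to 8, and the 0.02 of .data means it is almost entirely zero bytes. The Python below is an added example, not code from the ZeroBOX report or from the sample. It rebuilds the imphash from the import table as printed, reordered by IAT address on the assumption that this is the import-directory order (the order imphash depends on); the KERNEL32 table as printed has no entry for slot 0x402038 and the strings dump shows `ExpandEnvironmentStringsW` between `CopyFileW` and `GetModuleFileNameW`, so a mismatch with `0ff2683f34ebbb5dddc196a1ae798848` points at that gap or at the order first. `pefile_fields` recomputes both fields on the file itself and needs the external `pefile` package.

```python
"""Re-derive two of the static fields in this report, PE Imphash and section
entropy, from data printed above. Added worked example; not code from the
ZeroBOX page or from the PhorpiexRemover sample."""
import hashlib
import math
from collections import Counter

# Import table as printed in the report, reordered by IAT address (ADVAPI32 at
# 0x402000 first, USER32 at 0x4020cc last). ASSUMPTION: that is also the import
# directory order, which is what imphash depends on. The report's KERNEL32 list
# has no entry for slot 0x402038 and is reproduced here exactly as printed.
REPORT_IMPORTS = [
    ("ADVAPI32.dll", ["RegSetValueExW", "RegQueryValueExW", "RegOpenKeyExW",
                      "RegQueryInfoKeyW", "RegEnumValueW", "RegDeleteValueW",
                      "RegCloseKey"]),
    ("KERNEL32.dll", ["GetStartupInfoA", "GetModuleHandleA", "CreateMutexA",
                      "GetLastError", "ExitProcess", "GetModuleFileNameW",
                      "CopyFileW", "CreateThread", "Sleep", "ExitThread",
                      "SetFileAttributesW", "DeleteFileW", "HeapFree",
                      "HeapAlloc", "GetProcessHeap", "lstrcpyW",
                      "QueryDosDeviceW", "GetDriveTypeW", "GetLogicalDrives"]),
    ("MSVCRT.dll", ["_onexit", "__dllonexit", "_controlfp", "_except_handler3",
                    "__set_app_type", "__p__fmode", "__p__commode",
                    "_adjust_fdiv", "__setusermatherr", "_initterm",
                    "__getmainargs", "_acmdln", "exit", "wcslen", "wcscmp",
                    "_XcptFilter", "_exit"]),
    ("SHLWAPI.dll", ["StrCmpNW", "PathFileExistsW", "StrStrIW"]),
    ("USER32.dll", ["wsprintfW"]),
]


def imphash_string(imports):
    """Build the string that imphash hashes: 'lib.func' pairs joined by commas,
    everything lower-cased, a .dll/.ocx/.sys suffix stripped from the library
    name, ordinal-only imports (given as ints) rendered as 'ordN'. pefile also
    maps well-known ordinals of ws2_32/oleaut32 to names; that lookup is
    omitted here."""
    parts = []
    for lib, funcs in imports:
        lib = lib.lower()
        base, _, ext = lib.rpartition(".")
        if base and ext in ("dll", "ocx", "sys"):
            lib = base
        for func in funcs:
            name = "ord%d" % func if isinstance(func, int) else func.lower()
            parts.append("%s.%s" % (lib, name))
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string, as shown in the PE Imphash field."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a
    uniform one. Compiled x86 code lands around 5 to 6.5; packed or encrypted
    sections approach 8, which is what a PEiD packer hit should be weighed
    against before it is believed."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pefile_fields(path):
    """Recompute both fields from a real sample with pefile (external
    dependency: pip install pefile). Returns (imphash, {section: entropy})."""
    import pefile
    pe = pefile.PE(path)
    sections = {s.Name.rstrip(b"\0").decode("ascii", "replace"):
                shannon_entropy(s.get_data()) for s in pe.sections}
    return pe.get_imphash(), sections


if __name__ == "__main__":
    print("imphash from the report's import table:", imphash(REPORT_IMPORTS))
    print("entropy of 512 zero bytes:", shannon_entropy(b"\0" * 512))
```

Compare `imphash(REPORT_IMPORTS)` with the field above; if they differ, reorder the libraries to the true import-directory order (or fill the 0x402038 slot from the binary itself) before concluding the report hashed a different file. `pefile_fields(path)` on the sample should reproduce the entropy column of the Sections table to within rounding.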

Strings

!This program cannot be run in DOS mode.
Richb2K
`.rdata
@.data
@.reloc
PhorpiexRemover
StrStrIW
StrCmpNW
PathFileExistsW
SHLWAPI.dll
wcslen
wcscmp
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
DeleteFileW
SetFileAttributesW
ExitThread
CreateThread
CopyFileW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfW
USER32.dll
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ADVAPI32.dll
c b
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Service
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Client Server Runtime
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Host Process for Windows
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Desktop Window Mana
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
%s\%s\DriveMgr.exe
r%userprofile%
%ls\PhorpiexRemover.exe
%ls:Zone.Identifier
Software\Microsoft\Windows\CurrentVersion\Run\
Phorpiex Remover
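Read together, the strings above describe both what the tool cleans up and what it leaves behind. The four value names listed next to the `...\CurrentVersion\Run` path, the Explorer `NoDrives` policy value, and `%s\%s\DriveMgr.exe` (a file one directory below a drive root, consistent with the `GetLogicalDrives`, `GetDriveTypeW` and `DeleteFileW` imports) are the Phorpiex artifacts it removes with `RegDeleteValueW` and `DeleteFileW`; `%ls\PhorpiexRemover.exe`, `Software\...\Run\` with `Phorpiex Remover`, and `%ls:Zone.Identifier` show it copying itself under the user profile, adding its own Run entry, and presumably deleting its own Zone.Identifier stream (which strips the mark-of-the-web). The Python below is an added example, not code from the report or from the sample: the check functions take constructed registry and file-listing data so they run anywhere, and `collect_windows` gathers the live data on a Windows host. It assumes the `%ls` in the copy path is the expanded `%userprofile%` string that also appears in the dump, and that it is run as the affected user (HKLM needs an elevated session). The truncated value name `Desktop Window Mana` is matched as a prefix rather than guessed at.

```python
"""Triage helpers for the registry and file artifacts named in the strings
above. Added worked example; not code from the ZeroBOX page or from the
PhorpiexRemover sample. The live collector at the bottom is Windows-only."""
import os
from pathlib import PureWindowsPath

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# Run-value names exactly as they appear in the strings dump. The fourth is
# truncated on the page ("Desktop Window Mana"), so it is matched as a prefix
# rather than completed.
TARGET_RUN_NAMES = ("Microsoft Service", "Client Server Runtime",
                    "Host Process for Windows")
TARGET_RUN_PREFIXES = ("Desktop Window Mana",)
REMOVER_RUN_NAME = "Phorpiex Remover"   # the tool's own Run entry
DROPPER_NAME = "DriveMgr.exe"           # from the "%s\%s\DriveMgr.exe" string


def check_run_values(values):
    """values: {value_name: value_data} read from a ...\\CurrentVersion\\Run key.
    Returns (kind, name, data) tuples for anything matching the page's artifacts."""
    findings = []
    for name, data in values.items():
        if name in TARGET_RUN_NAMES or name.startswith(TARGET_RUN_PREFIXES):
            findings.append(("run-value-name", name, data))
        elif name == REMOVER_RUN_NAME:
            findings.append(("remover-persistence", name, data))
        elif DROPPER_NAME.lower() in str(data).lower():
            findings.append(("run-value-data", name, data))
    return findings


def check_nodrives(value):
    """Explorer's NoDrives policy is a bitmask: bit 0 hides A:, bit 25 hides Z:.
    Returns the drive letters hidden by the given DWORD (0 or None: none)."""
    value = value or 0
    return [chr(ord("A") + bit) + ":" for bit in range(26) if value >> bit & 1]


def find_drive_droppers(paths):
    """Filter a file listing for DriveMgr.exe exactly one directory below a
    drive root, the layout implied by the "%s\\%s\\DriveMgr.exe" format string
    (drive, sub-directory, file name)."""
    hits = []
    for path in paths:
        p = PureWindowsPath(path)
        if p.name.lower() == DROPPER_NAME.lower() and len(p.parts) == 3:
            hits.append(path)
    return hits


def list_drive_candidates(root):
    """Live listing of <root>\\<subdir>\\* (one level deep) to feed into
    find_drive_droppers. Assumption: root is a drive root such as 'E:\\\\'."""
    listing = []
    for dirpath, dirnames, filenames in os.walk(root):
        listing.extend(os.path.join(dirpath, f) for f in filenames)
        if dirpath != root:          # do not descend below the first level
            dirnames[:] = []
    return listing


def collect_windows():
    """Live triage on Windows: Run keys in HKCU and HKLM, the NoDrives policy,
    and the remover's own copy plus its Zone.Identifier stream. Assumption: the
    report's '%ls\\PhorpiexRemover.exe' is %USERPROFILE%-relative."""
    import winreg  # Windows only
    out = {}
    for hive_name, hive in (("HKCU", winreg.HKEY_CURRENT_USER),
                            ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        values = {}
        try:
            with winreg.OpenKey(hive, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _ = winreg.EnumValue(key, i)
                    values[name] = data
        except OSError:
            pass                      # key absent or access denied
        out[hive_name] = check_run_values(values)
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, POLICY_KEY) as key:
            out["hidden_drives"] = check_nodrives(
                winreg.QueryValueEx(key, "NoDrives")[0])
    except OSError:
        out["hidden_drives"] = []
    remover = os.path.join(os.environ.get("USERPROFILE", ""),
                           "PhorpiexRemover.exe")
    out["remover_copy"] = os.path.exists(remover)
    # An ADS is addressed as file:stream; a missing stream on a downloaded
    # binary is what the "%ls:Zone.Identifier" string would leave behind.
    out["remover_motw_present"] = os.path.exists(remover + ":Zone.Identifier")
    return out


if __name__ == "__main__":
    if os.name == "nt":
        print(collect_windows())
        for drive in ("E:\\", "F:\\"):   # example drive roots, adjust as needed
            if os.path.isdir(drive):
                print(find_drive_droppers(list_drive_candidates(drive)))
```

A hit of kind `run-value-name` or a non-zero `hidden_drives` list on a host that never had a NoDrives policy configured is the Phorpiex side of the picture; `remover-persistence`, `remover_copy` and a missing Zone.Identifier stream are the remover's own footprint, which is worth recording before it is cleaned up as well.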
Antivirus Signature
Bkav Clean
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37555957
CMC Clean
CAT-QuickHeal Clean
McAfee RDN/Generic.cf
Malwarebytes Clean
Sangfor Clean
CrowdStrike Clean
BitDefender Trojan.GenericKD.37555957
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta AI:Packer.5E44C1E31F
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Zonidel.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Rising Trojan.Generic@ML.94 (RDMK:2qDcxafKdfiFyvByQxZXjw)
Ad-Aware Trojan.GenericKD.37555957
Emsisoft Trojan.GenericKD.37555957 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.xm
FireEye Generic.mg.400c88f0603d79c0
Sophos Clean
SentinelOne Static AI - Suspicious PE
GData Trojan.GenericKD.37555957
Jiangmin Clean
Webroot Clean
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=87)
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Generic.D23D0EF5
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Script/Phonzy.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 BScope.Trojan.Tiggre
ALYac Gen:Heur.Mint.Zard.39
TACHYON Clean
Cylance Unsafe
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Trojan.Crypt
eGambit Clean
Fortinet W32/PossibleThreat
AVG Win32:Malware-gen
Avast Win32:Malware-gen
MaxSecure Clean
No IRMA results available.