
PE Compile Time

2021-09-10 01:54:23

PE Imphash

d617e8618688e76a02c9e4d9a14e5afd

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000b288 0x0000b400 6.46694827838
.rdata 0x0000d000 0x0000265e 0x00002800 5.38922636423
.data 0x00010000 0x00001980 0x00000800 3.73202657611

Imports

Library WS2_32.dll:
0x40d1fc recvfrom
0x40d200 setsockopt
0x40d204 sendto
0x40d208 bind
0x40d20c ioctlsocket
0x40d210 WSAStartup
0x40d214 recv
0x40d218 send
0x40d21c WSACloseEvent
0x40d220 WSARecv
0x40d224 WSASend
0x40d228 gethostname
0x40d22c connect
0x40d230 inet_ntoa
0x40d234 inet_addr
0x40d238 htons
0x40d23c getsockname
0x40d240 shutdown
0x40d244 socket
0x40d248 closesocket
0x40d24c gethostbyname
0x40d250 WSAGetLastError
0x40d258 WSASocketA
0x40d25c listen
0x40d264 getpeername
0x40d268 accept
0x40d26c WSAEventSelect
0x40d274 WSACreateEvent
Library SHLWAPI.dll:
0x40d154 PathFileExistsW
0x40d158 StrCmpNW
0x40d15c PathMatchSpecW
0x40d160 StrCpyNW
0x40d164 PathFindFileNameW
0x40d168 StrStrIA
0x40d16c StrChrA
0x40d170 StrCmpNIA
0x40d174 StrStrW
Library WININET.dll:
0x40d1d0 InternetReadFile
0x40d1d4 InternetOpenUrlW
0x40d1d8 InternetOpenW
0x40d1dc InternetCloseHandle
0x40d1e0 InternetOpenA
0x40d1e4 HttpSendRequestA
0x40d1ec HttpOpenRequestA
0x40d1f0 InternetConnectA
0x40d1f4 InternetCrackUrlA
Library ntdll.dll:
0x40d28c memset
0x40d290 memcpy
0x40d294 _chkstk
0x40d298 RtlUnwind
0x40d2a0 mbstowcs
0x40d2a8 NtQuerySystemTime
0x40d2ac memmove
0x40d2b0 strstr
0x40d2b4 isdigit
0x40d2b8 isalpha
Library msvcrt.dll:
0x40d27c rand
0x40d280 srand
0x40d284 _vscprintf
Library KERNEL32.dll:
0x40d028 ExitProcess
0x40d02c CreateProcessW
0x40d034 GetThreadPriority
0x40d038 SetThreadPriority
0x40d03c GetCurrentThread
0x40d048 InterlockedExchange
0x40d04c WaitForSingleObject
0x40d054 GetCurrentProcessId
0x40d058 HeapSetInformation
0x40d05c GetProcessHeaps
0x40d060 HeapValidate
0x40d064 HeapCreate
0x40d068 HeapFree
0x40d06c HeapAlloc
0x40d070 HeapReAlloc
0x40d078 CreateThread
0x40d07c CreateMutexA
0x40d080 GetLastError
0x40d084 CreateEventA
0x40d08c SetFileAttributesW
0x40d090 GetSystemInfo
0x40d0a0 SetEvent
0x40d0a4 lstrcpyW
0x40d0a8 DeleteFileW
0x40d0ac GetDiskFreeSpaceExW
0x40d0b0 FindNextFileW
0x40d0b4 lstrcmpiW
0x40d0b8 QueryDosDeviceW
0x40d0bc RemoveDirectoryW
0x40d0c0 FindClose
0x40d0c4 lstrlenA
0x40d0c8 GlobalLock
0x40d0cc GetModuleHandleW
0x40d0d0 GetTickCount
0x40d0d4 GlobalAlloc
0x40d0d8 Sleep
0x40d0dc lstrcpynW
0x40d0e0 ExitThread
0x40d0e4 MultiByteToWideChar
0x40d0e8 lstrlenW
0x40d0ec GlobalUnlock
0x40d0f0 GetFileSize
0x40d0f4 MapViewOfFile
0x40d0f8 UnmapViewOfFile
0x40d0fc WriteFile
0x40d108 CreateFileW
0x40d10c FlushFileBuffers
0x40d114 CreateFileMappingW
0x40d118 CloseHandle
0x40d11c FindFirstFileW
0x40d120 GetDriveTypeW
0x40d124 MoveFileExW
0x40d128 CreateDirectoryW
0x40d12c GetLogicalDrives
0x40d130 CopyFileW
0x40d134 GetModuleFileNameW
0x40d138 lstrcmpW
Library USER32.dll:
0x40d17c RegisterClassExW
0x40d180 GetClipboardData
0x40d184 EmptyClipboard
0x40d18c SetWindowLongW
0x40d190 TranslateMessage
0x40d194 wsprintfW
0x40d198 SendMessageA
0x40d1a0 CloseClipboard
0x40d1a4 GetMessageA
0x40d1a8 wvsprintfA
0x40d1ac GetWindowLongW
0x40d1b0 DefWindowProcA
0x40d1b8 CreateWindowExW
0x40d1bc DispatchMessageA
0x40d1c0 OpenClipboard
0x40d1c4 SetClipboardData
0x40d1c8 SetClipboardViewer
Library ADVAPI32.dll:
0x40d000 RegSetValueExW
0x40d004 CryptGenRandom
0x40d008 CryptReleaseContext
0x40d010 RegQueryValueExW
0x40d014 RegOpenKeyExA
0x40d018 RegSetValueExA
0x40d01c RegCloseKey
0x40d020 RegOpenKeyExW
Library SHELL32.dll:
0x40d14c ShellExecuteW
Library ole32.dll:
0x40d2c0 CoInitialize
0x40d2c4 CoUninitialize
0x40d2c8 CoInitializeEx
0x40d2cc CoCreateInstance
Library OLEAUT32.dll:
0x40d140 SysFreeString
0x40d144 SysAllocString

!This program cannot be run in DOS mode.
`.rdata
@.data
|$HVWRR
t$$;L$D
D$ WSP
D$ PSQVU
D$(USP
D$(QRSVP
T$0PQWR
L$(RPVWQ
T$(PQVWR
8vm_^]2
0vM_^]2
iv-_^]2
SUUVWUj
L$(PQh
u89l$ u
L$ PQh
SUVWj,
QSUVWh
D$ QRP
D$0PSU
|$@3px
3|$ 3t$
3t$$3|$(3
3t$,3|$03
\$d3t$d
$SUVWh
SUUVWUh
VVPSVV
L$$PQR
T$,VWWj
SWWWWW
D$ [_^]
D$ [_^]
T$,VWWj
SWWWWW
>ilciu1
>ilciuk
L$4QRP
;PCOIu^
>ilciu
F(;F$s
VC20XC00U
;t$(v(
UQPXY]Y[
F0123456789abcdef
13537267282679196401L
14T6qgnx6kQrxgr6asZR8UwvSYuLWUq3AHEUyArFbropQRWp
12ZcTiGZFWydqY4rDW6FbF1ArsBbdNaPxz
3P99cyMypyaBthhNh1VLrtF7gjsHNxooth5
3NNJW9YnKichMXTVgAhrsD65veUBCfGC9m
qps3rmvkxc2qe0dxlffnxe6jvv90xtp8tcxquxva6v
XkTJhYh432bGU2dMScEWmNLfyNTun3n52p
DMfPdibKCp79N5sLqsLkqx7W7gyzS8dhK6
0xEa375AfbDa5e11af6F93932ef2dcDe2Cf38768Dd
LhqqjWGpEEKDnZZVozMqYVax9zAzjQPJMW
r3qS691ECDBqnCAa2Xq26HF55R38pyd2SU
TMumxbBnZn723FeqRnjZUbfvVvvmNaEyEY
t1J1JV7W2DgMbJCmzv3DKq69erCQ9sM7J8G
tz1MQTA4y7zjDP8E3f7JxJpqA768QvhkQtwQ
hx76ca924ed3a86365aa684755d07ff587399a44a3
QQyZHrgfAZUm6bqf19u3TZRfLU1szkWdAK
RWGY1zEN78ivFTZiMtiLLXYugjUM2Ezgdn
NDV3Q755N5RLBJIHD7O2MDQLHF7BGY7C5UFHJQJD
Aa6J2zX3FmXqZ1Vr6KB7SHEJeDQgZ9L1m9
SW7RcT7KzjDRZUeo33ULvuvgnk1vsfRu9h
zs1gdxkmsegruyeu72ehpfwgshmcup4sqxm7kafju9r7xjcfww8vlg7ar9rqraxmjhr9rdn2hj9v7w
zil1ks8wccts9uum532l6mt7zfn7v3grplu5plc7rd
s1QvSmGpRS7hxnjjfLvCkeDmy3MprJkpWBe
bitcoincash:qps3rmvkxc2qe0dxlffnxe6jvv90xtp8tcxquxva6v
cosmos18uv6asl0trdgeu0gajph8amh30qskjfeu7xsxf
46JBkCw1vWw2torA5cF6WwdPsjc4EziJE62PHWBKqkLmXVonQjSM5jk5zp1QfSjj2wPjzoLU64qGReNNouP2LLKBMJAZgbr
addr1q82kgwmvcs3lcfaws5rq30cq94ek9nzqygcfj2a6045hpg8yjrm9xsu92x0lv30wldh80xqwtmxrc3jfetrzvnmstchq00s0sh
FWjKuczvp1fBH95y6c5j3koVX2TZDVR3V9
GB47TTMWVEURE5VW5NN56QFDW7X2OOSXKLL6KJIB4FQ3YMRUZXXE7P7W
GgY5yz2QmGk9jtk6WZ9dTYjt4oQumDpQS2
bnb1ssq338y72jd2l0h53ujc8hn8ef9axa2d372gga
band17rdtnrylr8dlt88qpzqp8j588h5w2qnclf764u
bc1q6rzlelsxd9xadajkjwqdwr72rl9ll7g29yxzqr
U30212907
E30940134
B30912949
Phttp://
SOFTWARE\Microsoft\Security Center
FirewallOverride
FirewallDisableNotify
AntiSpywareOverride
AntiVirusOverride
AntiVirusDisableNotify
UpdatesOverride
UpdatesDisableNotify
SOFTWARE\Microsoft\Security Center\Svc
swww.update.microsoft.com
twizt)
HTTP/1.1 200 OK
LOCATION:
239.255.255.250
M-SEARCH * HTTP/1.1
ST:urn:schemas-upnp-org:device:InternetGatewayDevice:1
Man:"ssdp:discover"
HOST: 239.255.255.250:1900
Mozilla/4.0 (compatible; UPnP/1.0; Windows 9x)
Content-Type: text/xml; charset="utf-8"
Connection: Close
Cache-Control: no-cache
Pragma: no-cache
<?xml version="1.0"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost>
<NewExternalPort>%d</NewExternalPort>
<NewProtocol>%s</NewProtocol>
<NewInternalPort>%d</NewInternalPort>
<NewInternalClient>%s</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration>0</NewLeaseDuration>
</m:AddPortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
WS2_32.dll
StrStrW
PathFileExistsW
StrCmpNW
PathMatchSpecW
StrCpyNW
PathFindFileNameW
StrStrIA
StrChrA
StrCmpNIA
SHLWAPI.dll
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
WININET.dll
isalpha
isdigit
strstr
memmove
NtQuerySystemTime
RtlTimeToSecondsSince1980
mbstowcs
ntdll.dll
_vscprintf
msvcrt.dll
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW
FindClose
RemoveDirectoryW
QueryDosDeviceW
lstrcmpiW
FindNextFileW
GetDiskFreeSpaceExW
DeleteFileW
lstrcpyW
SetFileAttributesW
GetVolumeInformationW
ExitProcess
CreateEventA
GetLastError
CreateMutexA
CreateThread
ExpandEnvironmentStringsW
HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
HeapValidate
GetProcessHeaps
HeapSetInformation
GetCurrentProcessId
InterlockedDecrement
WaitForSingleObject
InterlockedExchange
InterlockedIncrement
InterlockedExchangeAdd
GetCurrentThread
SetThreadPriority
GetThreadPriority
DeleteCriticalSection
CreateProcessW
KERNEL32.dll
SetClipboardViewer
SetClipboardData
OpenClipboard
DispatchMessageA
CreateWindowExW
RegisterRawInputDevices
DefWindowProcA
SetWindowLongW
ChangeClipboardChain
EmptyClipboard
GetClipboardData
GetWindowLongW
RegisterClassExW
TranslateMessage
wsprintfW
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wvsprintfA
USER32.dll
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
ole32.dll
OLEAUT32.dll
WSAWaitForMultipleEvents
WSASocketA
WSACreateEvent
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSASend
WSARecv
WSACloseEvent
SetEvent
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
memset
memcpy
_chkstk
RtlUnwind
NtQueryVirtualMemory
jjjjjj
bitcoincash:
cosmos
ebitcoincash
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
%s\VolDriver.exe
%windir%\explorer.exe
%s.lnk
%s\%s\VolDriver.exe
shell32.dll
*.inf*.scr
Thumbs.db
$RECYCLE.BIN
desktop.ini
System Volume Information
%s\%s\%s
(%dGB)
Unnamed volume
Microsoft Corporation
winupdsvcs.exe
Microsoft Windows Update Service
VolDriver.exe
%s:Zone.Identifier
%userprofile%
Software\Microsoft\Windows\CurrentVersion\Run\
%s\nodescfg.dat
%s\cmdcfg.dat
service
serviceType
serviceList
device
deviceType
deviceList
urn:schemas-upnp-org:device:InternetGatewayDevice:1
urn:schemas-upnp-org:device:WANDevice:1
urn:schemas-upnp-org:device:WANConnectionDevice:1
urn:schemas-upnp-org:service:WANIPConnection:1
urn:schemas-upnp-org:service:WANPPPConnection:1
controlURL
URLBase
"%temp%
%s\%d%d.exe
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36
Antivirus Signatures (engine followed by its detection name; "Clean" means the engine reported no detection)
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee RDN/Generic.rp
Malwarebytes Clean
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Dropped:Generic.Malware.SF.14F139F2
K7GW Trojan ( 0058207e1 )
K7AntiVirus Clean
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Phorpiex.AS
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Generic
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Dropped:Generic.Malware.SF.14F139F2
Tencent Clean
Ad-Aware Dropped:Generic.Malware.SF.14F139F2
Sophos Mal/Generic-S
Comodo Clean
F-Secure Worm.WORM/Phorpiex.biwgu
DrWeb DLOADER.Trojan
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Backdoor.qh
FireEye Generic.mg.b53466259125d66d
Emsisoft Dropped:Generic.Malware.SF.14F139F2 (B)
SentinelOne Static AI - Malicious PE
GData Dropped:Generic.Malware.SF.14F139F2
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=81)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Generic.Malware.SF.14F139F2
ViRobot Clean
ZoneAlarm HEUR:Trojan.Win32.Generic
Microsoft Trojan:Script/Phonzy.C!ml
AhnLab-V3 Clean
Acronis Clean
VBA32 BScope.Trojan.Hynamer
ALYac Dropped:Generic.Malware.SF.14F139F2
TACHYON Clean
Cylance Unsafe
Panda Trj/GdSda.A
Zoner Clean
TrendMicro-HouseCall Clean
Rising Worm.Phorpiex!1.D985 (CLASSIC)
Yandex Clean
Ikarus Worm.Win32.Phorpiex
eGambit Unsafe.AI_Score_66%
Fortinet W32/Phorpiex.AS!tr
BitDefenderTheta AI:Packer.0C683F6C1E
AVG Win32:KadrBot [Trj]
Avast Win32:KadrBot [Trj]
MaxSecure Trojan.Malware.300983.susgen