Static | ZeroBOX

PE Compile Time

2019-07-30 17:52:50

PE Imphash

5877688b4859ffd051f6be3b8e0cd533

PEiD Signatures

PureBasic 4.x -> Neil Hodgson

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .code | 0x00001000 | 0x000037f0 | 0x00003800 | 5.60877613077 |
| .text | 0x00005000 | 0x0000d2c2 | 0x0000d400 | 6.55808372928 |
| .rdata | 0x00013000 | 0x0000339d | 0x00003400 | 7.11064033873 |
| .data | 0x00017000 | 0x0000172c | 0x00001200 | 4.99985813254 |
| .rsrc | 0x00019000 | 0x00012a8c | 0x00012c00 | 7.68667878965 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_ICON | 0x0001d7ac | 0x000077d2 | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0001d7ac | 0x000077d2 | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0001d7ac | 0x000077d2 | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0001d7ac | 0x000077d2 | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_ICON | 0x0001d7ac | 0x000077d2 | LANG_NEUTRAL | SUBLANG_NEUTRAL | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
| RT_RCDATA | 0x00024fa4 | 0x00006836 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_RCDATA | 0x00024fa4 | 0x00006836 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_RCDATA | 0x00024fa4 | 0x00006836 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_RCDATA | 0x00024fa4 | 0x00006836 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_GROUP_ICON | 0x0002b7dc | 0x0000004c | LANG_NEUTRAL | SUBLANG_NEUTRAL | data |
| RT_MANIFEST | 0x0002b828 | 0x00000263 | LANG_NEUTRAL | SUBLANG_NEUTRAL | XML 1.0 document, ASCII text |

Imports

Library MSVCRT.dll:
0x417470 memset
0x417474 wcsncmp
0x417478 memmove
0x41747c wcsncpy
0x417480 wcsstr
0x417484 _wcsnicmp
0x417488 _wcsdup
0x41748c free
0x417490 _wcsicmp
0x417494 wcslen
0x417498 wcscpy
0x41749c wcscmp
0x4174a0 memcpy
0x4174a4 tolower
0x4174a8 wcscat
0x4174ac malloc
Library KERNEL32.dll:
0x4174b4 GetModuleHandleW
0x4174b8 HeapCreate
0x4174bc GetStdHandle
0x4174c0 HeapDestroy
0x4174c4 ExitProcess
0x4174c8 WriteFile
0x4174cc GetTempFileNameW
0x4174d0 LoadLibraryExW
0x4174d4 EnumResourceTypesW
0x4174d8 FreeLibrary
0x4174dc RemoveDirectoryW
0x4174e0 GetExitCodeProcess
0x4174e4 EnumResourceNamesW
0x4174e8 GetCommandLineW
0x4174ec LoadResource
0x4174f0 SizeofResource
0x4174f4 FreeResource
0x4174f8 FindResourceW
0x4174fc GetNativeSystemInfo
0x417500 GetShortPathNameW
0x417508 GetSystemDirectoryW
0x417510 CloseHandle
0x41751c WaitForSingleObject
0x417520 TerminateThread
0x417524 CreateThread
0x417528 Sleep
0x41752c GetProcAddress
0x417530 GetVersionExW
0x417534 WideCharToMultiByte
0x417538 HeapAlloc
0x41753c HeapFree
0x417540 LoadLibraryW
0x417544 GetCurrentProcessId
0x417548 GetCurrentThreadId
0x41754c GetModuleFileNameW
0x417558 GetCurrentProcess
0x41755c TerminateProcess
0x417564 HeapSize
0x417568 MultiByteToWideChar
0x41756c CreateDirectoryW
0x417570 SetFileAttributesW
0x417574 GetTempPathW
0x417578 DeleteFileW
0x417584 CreateFileW
0x417588 SetFilePointer
0x41758c TlsFree
0x417590 TlsGetValue
0x417594 TlsSetValue
0x417598 TlsAlloc
0x41759c HeapReAlloc
0x4175a8 InterlockedExchange
0x4175ac GetLastError
0x4175b0 SetLastError
0x4175b4 UnregisterWait
0x4175b8 GetCurrentThread
0x4175bc DuplicateHandle
Library USER32.DLL:
0x4175c8 CharUpperW
0x4175cc CharLowerW
0x4175d0 MessageBoxW
0x4175d4 DefWindowProcW
0x4175d8 DestroyWindow
0x4175dc GetWindowLongW
0x4175e4 GetWindowTextW
0x4175e8 UnregisterClassW
0x4175ec LoadIconW
0x4175f0 LoadCursorW
0x4175f4 RegisterClassExW
0x4175f8 IsWindowEnabled
0x4175fc EnableWindow
0x417600 GetSystemMetrics
0x417604 CreateWindowExW
0x417608 SetWindowLongW
0x41760c SendMessageW
0x417610 SetFocus
0x417618 SetForegroundWindow
0x41761c BringWindowToTop
0x417620 GetMessageW
0x417628 TranslateMessage
0x41762c DispatchMessageW
0x417634 PostMessageW
0x417638 GetForegroundWindow
0x417640 IsWindowVisible
0x417644 EnumWindows
0x417648 SetWindowPos
Library GDI32.DLL:
0x417650 GetStockObject
Library COMCTL32.DLL:
Library SHELL32.DLL:
0x417660 ShellExecuteExW
0x417664 SHGetFolderLocation
Library WINMM.DLL:
0x417670 timeBeginPeriod
Library OLE32.DLL:
0x417678 CoInitialize
0x41767c CoTaskMemFree
Library SHLWAPI.DLL:
0x417684 PathAddBackslashW
0x41768c PathQuoteSpacesW
0x417690 PathRemoveArgsW

RtlGetVersion
SHBrowseForFolderW
SHGetPathFromIDListW
GetLongPathNameW
SHGetKnownFolderPath
0123456789abcdefK
InitOnceExecuteOnce
1.2.11
incorrect header check
unknown compression method
invalid window size
unknown header flags set
header crc mismatch
invalid block type
invalid stored block lengths
too many length or distance symbols
invalid code lengths set
invalid bit length repeat
invalid code -- missing end-of-block
invalid literal/lengths set
invalid distances set
invalid literal/length code
invalid distance code
invalid distance too far back
incorrect data check
incorrect length check
inflate 1.2.11 Copyright 1995-2017 Mark Adler
need dictionary
stream end
file error
stream error
data error
insufficient memory
buffer error
incompatible version
memset
MSVCRT.dll
GetModuleHandleW
HeapCreate
GetStdHandle
HeapDestroy
ExitProcess
WriteFile
GetTempFileNameW
LoadLibraryExW
EnumResourceTypesW
FreeLibrary
RemoveDirectoryW
GetExitCodeProcess
EnumResourceNamesW
GetCommandLineW
LoadResource
SizeofResource
FreeResource
FindResourceW
GetNativeSystemInfo
GetShortPathNameW
GetWindowsDirectoryW
GetSystemDirectoryW
KERNEL32.dll
wcsncmp
memmove
wcsncpy
wcsstr
_wcsnicmp
_wcsdup
_wcsicmp
wcslen
wcscpy
wcscmp
memcpy
tolower
wcscat
malloc
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
TerminateThread
CreateThread
GetProcAddress
GetVersionExW
WideCharToMultiByte
HeapAlloc
HeapFree
LoadLibraryW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
MultiByteToWideChar
CreateDirectoryW
SetFileAttributesW
GetTempPathW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateFileW
SetFilePointer
TlsFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
SetLastError
UnregisterWait
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
CharUpperW
CharLowerW
MessageBoxW
DefWindowProcW
DestroyWindow
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
UnregisterClassW
LoadIconW
LoadCursorW
RegisterClassExW
IsWindowEnabled
EnableWindow
GetSystemMetrics
CreateWindowExW
SetWindowLongW
SendMessageW
SetFocus
CreateAcceleratorTableW
SetForegroundWindow
BringWindowToTop
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
PostMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
SetWindowPos
USER32.DLL
GetStockObject
GDI32.DLL
InitCommonControlsEx
COMCTL32.DLL
ShellExecuteExW
SHGetFolderLocation
SHGetPathFromIDListW
SHELL32.DLL
timeBeginPeriod
WINMM.DLL
CoInitialize
CoTaskMemFree
OLE32.DLL
PathAddBackslashW
PathRenameExtensionW
PathQuoteSpacesW
PathRemoveArgsW
PathRemoveBackslashW
SHLWAPI.DLL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
version="1.0.0.0"
processorArchitecture="X86"
name="CompanyName.ProductName.YourApp"
type="win32" />
<description></description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="X86"
publicKeyToken="6595b64144ccf1df"
language="*" />
</dependentAssembly>
</dependency>
</assembly>
ntdll.dll
2147483648
InputRequester
STATIC
BUTTON
SHELL32.DLL
AInvalid memory access
Array bounds exceeded
Debugger breakpoint reached
Misaligned data access
Denormal floating-point operand
Division by zero (floating-point)
Inexact floating-point result
Invalid floating-point operation
Floating-point overflow (exponent to great)
Floating-point stack overflow or underflow
Floating-point underflow (exponent too small)
Illegal instruction
Memory page error
Division by zero
Integer overflow
Exception handler returned unknown value
Exception handler tried to continue after non-continuable exception
Privileged instruction
Single step trap
Stack overflow
Unknown error code
Kernel32.DLL
Shell32.DLL
Downloads\
Kernel32.dll
#+3;CScs
sysnative
339822E2FD(42D1E386E76C6556418DDC7BB35A4F55D691DD1A 5C3D3DF6F7DF35EC1C5E32CFC4A78370 6E47C064E0A56EBBF92A933DD2C6DF45(
Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Tiny.trFe
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Trojan.FuerboosPMF.S18713185
McAfee RDN/MalGenrc
Malwarebytes Malware.AI.1435235507
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Trojan.GenericKD.46957172
K7GW Clean
CrowdStrike Clean
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Trojan.GenericKD.46957172
Tencent Clean
Ad-Aware Trojan.GenericKD.46957172
Sophos Generic ML PUA (PUA)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Tool.Lazagne.Win32.102
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.cc
FireEye Generic.mg.e60b189b5dfae48f
Emsisoft Trojan.GenericKD.46957172 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.PowerShell.bj
Webroot Clean
Avira Clean
MAX malware (ai score=88)
Antiy-AVL Trojan/Generic.ASMalwS.2B9EB3B
Kingsoft Clean
Microsoft Trojan:Win32/Sabsik.FL.A!ml
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Win32.Trojan.PSE.476UDI
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
TACHYON Clean
Cylance Unsafe
Panda Trj/Genetic.gen
Zoner Trojan.Win32.85523
TrendMicro-HouseCall Clean
Rising Clean
Yandex Clean
Ikarus Trojan.Win32
eGambit Unsafe.AI_Score_89%
Fortinet Clean
BitDefenderTheta Clean
Avast Clean
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.