Static | ZeroBOX

PE Compile Time

2021-09-14 11:09:41

PDB Path

                                                       

PE Imphash

3636696cda8ae63c15290a7642f2c7a3

PEiD Signatures

Armadillo v1.71

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000d94 0x00000e00 5.59922139278
.rdata 0x00002000 0x00000a9c 0x00000c00 4.16844825853
.data 0x00003000 0x0000003c 0x00000200 0.0203931352361
.rsrc 0x00004000 0x000001b4 0x00000200 5.09797908882
.reloc 0x00005000 0x000001a8 0x00000200 5.42714476615

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library SHLWAPI.dll:
0x4020d8 StrCmpNW
0x4020dc PathFileExistsW
0x4020e0 StrStrIW
Library MSVCRT.dll:
0x402090 _onexit
0x402094 __dllonexit
0x402098 _controlfp
0x40209c _except_handler3
0x4020a0 __set_app_type
0x4020a4 __p__fmode
0x4020a8 __p__commode
0x4020ac _adjust_fdiv
0x4020b0 __setusermatherr
0x4020b4 _initterm
0x4020b8 __getmainargs
0x4020bc _acmdln
0x4020c0 exit
0x4020c4 wcslen
0x4020c8 wcscmp
0x4020cc _XcptFilter
0x4020d0 _exit
Library KERNEL32.dll:
0x402020 GetStartupInfoA
0x402024 GetModuleHandleA
0x402028 CreateMutexA
0x40202c GetLastError
0x402030 ExitProcess
0x402034 GetModuleFileNameW
0x40203c CopyFileW
0x402040 CreateThread
0x402044 Sleep
0x402048 ExitThread
0x40204c SetFileAttributesW
0x402050 DeleteFileW
0x402054 HeapFree
0x402058 HeapAlloc
0x40205c GetProcessHeap
0x402060 lstrcpyW
0x402064 QueryDosDeviceW
0x402068 GetDriveTypeW
0x40206c GetLogicalDrives
0x402070 RemoveDirectoryW
0x402074 FindClose
0x402078 FindNextFileW
0x40207c MoveFileExW
0x402080 lstrcmpW
0x402084 FindFirstFileW
0x402088 CreateDirectoryW
Library USER32.dll:
0x4020e8 wsprintfW
Library ADVAPI32.dll:
0x402000 RegSetValueExW
0x402004 RegQueryValueExW
0x402008 RegOpenKeyExW
0x40200c RegQueryInfoKeyW
0x402010 RegEnumValueW
0x402014 RegDeleteValueW
0x402018 RegCloseKey

Strings

!This program cannot be run in DOS mode.
PhorpiexRemover
StrStrIW
StrCmpNW
PathFileExistsW
SHLWAPI.dll
wcslen
wcscmp
MSVCRT.dll
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
HeapFree
HeapAlloc
GetProcessHeap
lstrcpyW
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
RemoveDirectoryW
FindClose
FindNextFileW
MoveFileExW
lstrcmpW
FindFirstFileW
CreateDirectoryW
DeleteFileW
SetFileAttributesW
ExitThread
CreateThread
CopyFileW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA
KERNEL32.dll
wsprintfW
USER32.dll
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ADVAPI32.dll
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Microsoft Service
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Client Server Runtime
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Host Process for Windows
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Desktop Window Mana
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
%s\%s\DriveMgr.exe
r%userprofile%
%ls\PhorpiexRemover.exe
%ls:Zone.Identifier
Phorpiex Remover
Software\Microsoft\Windows\CurrentVersion\Run\

Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Zonidel.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee RDN/Generic.dx
Cylance Unsafe
Zillya Clean
Sangfor Clean
CrowdStrike win/malicious_confidence_60% (W)
BitDefender Gen:Heur.Mint.Zard.39
K7GW Trojan ( 0058253a1 )
K7AntiVirus Trojan ( 0058253a1 )
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Agent.ADMJ
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Zonidel.gen
Alibaba Trojan:Win32/Zonidel.96e7fe62
NANO-Antivirus Trojan.Win32.Zonidel.jbbiel
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Heur.Mint.Zard.39
Rising Trojan.Generic@ML.90 (RDML:dzB5pRgOKMqpQ0Q1hWz6VA)
Ad-Aware Gen:Heur.Mint.Zard.39
Emsisoft Gen:Heur.Mint.Zard.39 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Artemis!Trojan
FireEye Generic.mg.400fc2e410b02fb1
Sophos Clean
SentinelOne Static AI - Malicious PE
GData Gen:Heur.Mint.Zard.39
Jiangmin Clean
Webroot Clean
Avira TR/Crypt.XPACK.Gen
MAX malware (ai score=88)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Mint.Zard.39
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3 Clean
Acronis Clean
VBA32 BScope.Trojan.Tiggre
ALYac Gen:Heur.Mint.Zard.39
TACHYON Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet W32/Agent.ADMJ!tr
BitDefenderTheta AI:Packer.B311DA271F
AVG Win32:Trojan-gen
Avast Win32:Trojan-gen
No IRMA results available.