Static | ZeroBOX

PE Compile Time

2010-04-04 03:40:16

PE Imphash

4d0b2c4c35fea49148bb1439759df35a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00019760 0x0001a000 6.71200789971
.data 0x0001b000 0x0000119c 0x00001000 0.0
.rsrc 0x0001d000 0x000016f6 0x00002000 2.92135618451

Resources

Name Offset Size Language Sub-language File type
CUSTOM 0x0001d9fc 0x0000013e LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 16x16, 16 colors
CUSTOM 0x0001d9fc 0x0000013e LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 16x16, 16 colors
CUSTOM 0x0001d9fc 0x0000013e LANG_ENGLISH SUBLANG_ENGLISH_US MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_ICON 0x0001d4bc 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001d4bc 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x0001d4bc 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0001d48c 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x0001d200 0x0000028c LANG_NORWEGIAN SUBLANG_NORWEGIAN_BOKMAL PGP symmetric key encrypted data - Plaintext or unencrypted data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaVarMove
0x40100c __vbaFreeVar
0x401010 __vbaAryMove
0x401014 __vbaFreeVarList
0x401018 __vbaEnd
0x40101c _adj_fdiv_m64
0x401020 None
0x401024 _adj_fprem1
0x401028 None
0x40102c __vbaSetSystemError
0x401030 None
0x401034 None
0x40103c None
0x401040 None
0x401044 _adj_fdiv_m32
0x401048 __vbaAryDestruct
0x40104c None
0x401050 None
0x401054 __vbaObjSet
0x401058 __vbaOnError
0x40105c _adj_fdiv_m16i
0x401060 _adj_fdivr_m16i
0x401064 None
0x401068 __vbaFpR8
0x40106c _CIsin
0x401070 __vbaErase
0x401074 None
0x401078 __vbaChkstk
0x40107c EVENT_SINK_AddRef
0x401084 __vbaStrCmp
0x401088 __vbaAryConstruct2
0x40108c __vbaI2I4
0x401090 None
0x401094 DllFunctionCall
0x401098 _adj_fpatan
0x40109c __vbaRedim
0x4010a0 EVENT_SINK_Release
0x4010a4 __vbaUI1I2
0x4010a8 _CIsqrt
0x4010b0 __vbaExceptHandler
0x4010b4 _adj_fprem
0x4010b8 _adj_fdivr_m64
0x4010bc __vbaFPException
0x4010c0 None
0x4010c4 _CIlog
0x4010c8 __vbaNew2
0x4010cc __vbaInStr
0x4010d0 __vbaVar2Vec
0x4010d4 None
0x4010d8 None
0x4010dc None
0x4010e0 _adj_fdiv_m32i
0x4010e4 _adj_fdivr_m32i
0x4010e8 __vbaStrCopy
0x4010ec __vbaI4Str
0x4010f0 _adj_fdivr_m32
0x4010f4 _adj_fdiv_r
0x4010f8 None
0x4010fc None
0x401100 __vbaVarTstNe
0x401104 None
0x401108 None
0x40110c __vbaInStrB
0x401110 __vbaVarAdd
0x401114 __vbaVarDup
0x401118 __vbaStrToAnsi
0x40111c None
0x401120 _CIatan
0x401124 __vbaStrMove
0x401128 __vbaCastObj
0x40112c _allmul
0x401130 None
0x401134 _CItan
0x401138 None
0x40113c _CIexp
0x401140 __vbaFreeObj
0x401144 __vbaFreeStr

Strings

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
zorilleslande
Strandfogeden
postanvisning
postanvisning
Label3
derelict
Substagestrafi7
Raahedasci9
omdigtning
PIGMAKINGS
FAGFORENINGSF
Blaalersseniors8
Tagassuid
Astringespiseg
DRILBORROGUES
Recuperancebo
Dolmanensunli9
fllesbetegnel
AKVARIEPLANT
Skopudsernecoi1
Adventuristlap7
Noncondime
fibersprn
panelernesisid
Image1
8Vn;b_
;VgQ7m
v]^$z_
v]?w1]
m2|f=qw5
VX}57kO
C-I|;RA
5m->(V
v5rP6tV
L}'V)v\
v]^_ e0
v]?bx]
Tq6dR5v]
Byv@xcV
v]^h'd
v](,V\
v](,R\
;hf,;Vf
Byj4&{<
#[r]RY
~;T`v;\
;VcRfV
C,mHRB
v]?K=]
hfVw|-x
Y'~oVhuC
(f/hYa)
3UVbB\;
v]^as]
;RZCVNd
0Q^$__
;hha;Vf
v]?Q5]
z\Rav]
Y8P8e
_rV91d
vRSew]
vRSbv]
y;TXt;^
v]T^Ve
vRRop]
?+;RIO
vR[Ku]
$)~;Vf
^I&; [R/\
n^K3V[
v]^,$_
v]?Cj]
.$1!; ^Mv\$|_
v]>v{]
VwD9u?
v]nsXkM
c Z$ s@'
Ry\,c_
[r]!^P
v]^[$;RH
qR?Gf]
v; _}!^
|RFM5s
C[~]Sv
v]^X'e1
v]^H';
vRSfv]
([r]S[G
OfZLw]
v]?nv]
v]RjbLV,
vRSHv]
vzxYnfJ
v]^$7_
; Zz5Tpr
Cn%:X
{AVXyiGb
vfJXw]
vfJ4w]
%TTZrl
v]^IM^\
^H'; ^1/\
>M>Tw]
_2N+Z4
4tVoa
vRRVv]
vRR.v]
}k+9E[
6;V`@/
c\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
DQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ
2NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
^eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
MCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
VB5!6&*
buglossesr
zorilleslande
zorilleslande
zorilleslande
Strandfogeden
TRANSPORTBA
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
omdigtning
Substagestrafi7
DRILBORROGUES
Image1
Adventuristlap7
Dolmanensunli9
fibersprn
Label3
AKVARIEPLANT
Tagassuid
FAGFORENINGSF
user32
MessageBoxExA
PolyBezier
SetWindowTextA
Stibonium
hydroplutonic
Sandbag
Octarchies3
VBA6.DLL
__vbaErase
__vbaVarAdd
__vbaAryConstruct2
__vbaCastObj
__vbaOnError
__vbaInStrB
__vbaVarMove
__vbaStrCmp
__vbaStrCopy
__vbaAryDestruct
__vbaI2I4
__vbaFreeStr
__vbaStrToAnsi
__vbaVar2Vec
__vbaAryMove
__vbaSetSystemError
__vbaInStr
__vbaFpR8
__vbaEnd
__vbaUI1I2
__vbaGenerateBoundsError
__vbaRedim
__vbaI4Str
__vbaFreeVar
__vbaObjSet
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaStrMove
__vbaFreeVarList
__vbaVarDup
__vbaVarTstNe
TRANSPORTBA
pukkelensst
pukkelensst
billedbaandoptagerne
Petitesserne
ekphory
Moust1
Forbrugers6
Savojkaalen9
ARTISANAL
DICTYOPHORA
Faseledning
aabenbaringsreligions
Flaskeaabnerens
bybefolkningen
Blikvarefabrikkernes6
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaAryMove
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaErase
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
__vbaInStr
__vbaVar2Vec
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaInStrB
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
x37wwwwx
-::98541
'::=:985+
-:===:85+
-====:8'
-1===:8-
'-:=:88
,1298851
')22854%
'',,854)
'58855)
55888855
)1588998854
5589::9855
455885551
Tilbury1
Computerprogram
Bermmelsens
STATSPAPIRER
Taconian9
BIOGENSOCTAETER
Runitehydrophil
INDICATRIX
Afkappendes
INEQUIVALENT
Acromimia
remises
siddepladser
ANFLJNES
Bageevnes4
AFSNRINGEN
REDRAFT
CUSTOM
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
041404B0
Comments
Thunderbird
CompanyName
FileDescription
Hp, Inc.
ProductName
spicevpn.com
FileVersion
ProductVersion
InternalName
buglossesr
OriginalFilename
buglossesr.exe

Antivirus Signature

Bkav Clean
Lionic Trojan.Win32.Generic.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
ALYac Clean
Malwarebytes Clean
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_90% (W)
BitDefender Trojan.GenericKD.37585626
K7GW Clean
K7AntiVirus Clean
Baidu Clean
Cyren W32/VBInject.HO3.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FKPJ
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Trojan.Win32.Vebzenpak
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro TROJ_FRS.VSNW0FI21
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch
FireEye Generic.mg.451e4cd68c69c2c8
Sophos Mal/Generic-S
SentinelOne Static AI - Suspicious PE
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira Clean
MAX malware (ai score=82)
Antiy-AVL Clean
Microsoft Trojan:Script/Phonzy.C!ml
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Trojan.GenericKD.37585626
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic.com
TACHYON Clean
VBA32 Clean
Cylance Unsafe
Panda Trj/RnkBend.A
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Win32.Trojan.Inject.Auto
Yandex Clean
Ikarus Win32.Outbreak
eGambit Unsafe.AI_Score_94%
Fortinet W32/GenKryptik.FKPJ!tr
BitDefenderTheta Gen:NN.ZevbaCO.34142.hm0@ayxjdhiO
AVG FileRepMalware
Avast FileRepMalware
MaxSecure Trojan.Malware.300983.susgen

No IRMA results available.