Static | ZeroBOX

PE Compile Time

2021-09-17 12:19:43

PDB Path

(none)

PE Imphash

d4fccbf39f0b0e9e3b5577d3527b4e69

PEiD Signatures

Armadillo v1.71

Sections

Name   Virtual Address Virtual Size Size of Raw Data Entropy
.text  0x00001000      0x00000722   0x00000800       5.22183945527
.rdata 0x00002000      0x00000883   0x00000a00       3.9637668388
.data  0x00003000      0x00000244   0x00000200       0.0203931352361
.rsrc  0x00004000      0x000001b4   0x00000200       5.09797908882
.reloc 0x00005000      0x00000146   0x00000200       3.51267272973

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

Imports

Library SHLWAPI.dll:
0x402090 PathFileExistsW
Library MSVCRT.dll:
0x402040 __set_app_type
0x402044 _except_handler3
0x402048 __p__fmode
0x40204c _controlfp
0x402050 __p__commode
0x402054 _adjust_fdiv
0x402058 __setusermatherr
0x40205c _initterm
0x402060 __getmainargs
0x402064 _acmdln
0x402068 exit
0x40206c _XcptFilter
0x402070 _exit
0x402074 srand
0x402078 wcslen
0x40207c rand
0x402080 memset
Library WININET.dll:
0x4020a0 InternetCloseHandle
0x4020a4 InternetOpenUrlW
0x4020a8 InternetOpenW
0x4020ac InternetReadFile
Library urlmon.dll:
0x4020b4 URLDownloadToFileW
Library KERNEL32.dll:
0x402010 DeleteFileW
0x402014 WriteFile
0x402018 Sleep
0x40201c CreateFileW
0x402020 GetModuleHandleA
0x402024 CreateProcessW
0x402028 CloseHandle
0x40202c SetFileAttributesW
0x402030 GetStartupInfoA
0x402034 GetTickCount
Library USER32.dll:
0x402098 wsprintfW
Library ADVAPI32.dll:
0x402000 RegSetValueExW
0x402004 RegCloseKey
0x402008 RegOpenKeyExW
Library SHELL32.dll:
0x402088 ShellExecuteW

Strings

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
%s:Zone.Identifier
%s:Zone.Identifier
%userprofile%
%ls\5s4d.txt
%userprofile%
%s\wincfg.exe
http://185.215.113.84/etc.exe
Software\Microsoft\Windows\CurrentVersion\Run\
Windows Configuration
Software\Microsoft\Windows\CurrentVersion\Run\
Windows Configuration
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Generic.a!c
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.37595827
CMC Clean
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.37595827
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan-Downloader ( 005823881 )
BitDefender Trojan.GenericKD.37595827
K7GW Trojan-Downloader ( 005823881 )
CrowdStrike win/malicious_confidence_90% (W)
BitDefenderTheta Gen:NN.ZexaF.34142.auW@a8m3bHai
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/TrojanDownloader.Tiny.NTK
Baidu Clean
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan-Downloader.Win32.Generic
Alibaba TrojanDownloader:Win32/MalwareX.95a1a994
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@ML.91 (RDML:HYCzEUpYBrFhWCy5trk1yg)
Ad-Aware Trojan.GenericKD.37595827
TACHYON Clean
Emsisoft Trojan-Downloader.Tiny (A)
Comodo Clean
F-Secure Clean
DrWeb Trojan.DownLoader.origin
Zillya Clean
TrendMicro TROJ_FRS.0NA103II21
McAfee-GW-Edition BehavesLike.Win32.Generic.zt
FireEye Generic.mg.af3e98549b975158
Sophos Mal/Generic-S (PUA)
Ikarus Trojan-Downloader.Win32.Tiny
GData Trojan.GenericKD.37595827
Jiangmin Clean
Webroot Clean
Avira TR/Crypt.XPACK.Gen
Antiy-AVL Clean
Kingsoft Win32.Heur.KVMH017.a.(kcloud)
Gridinsoft Trojan.Win32.Packed.oa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.TE.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Malware/Win32.Generic.C4204685
Acronis suspicious
McAfee RDN/Generic Downloader.x
MAX malware (ai score=84)
VBA32 suspected of Trojan.Downloader.gen
Malwarebytes Trojan.Downloader
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_FRS.0NA103II21
Tencent Win32.Trojan-downloader.Generic.Lohy
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Tiny.NTK!tr.dldr
AVG Win32:MalwareX-gen [Trj]
Cybereason malicious.49b975
Avast Win32:MalwareX-gen [Trj]
No IRMA results available.