Static | ZeroBOX

PE Compile Time

2021-09-19 16:45:29

PE Imphash

5511694027f5c5aab51d18a076c7a70f

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00025fe4 0x00026000 5.916968128
.data 0x00027000 0x00000a42 0x00000c00 1.65596271584
.rsrc 0x00028000 0x00011660 0x00011800 4.76622872123
.jqdo 0x0003a000 0x00045000 0x00045000 0.0
.cjqb 0x0007f000 0x00045000 0x00045000 0.0
.agvn 0x000c4000 0x00045000 0x00045000 0.0
.jgkx 0x00109000 0x00045000 0x00045000 0.0

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00028268 0x00010828 LANG_ENGLISH SUBLANG_ENGLISH_US dBase III DBT, version number 0, next free block index 40
RT_MENU 0x00038a90 0x0000011c LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00038bac 0x000002ac LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00039020 0x00000322 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00039020 0x00000322 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x000394ac 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x000394ac 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x000394bc 0x00000016 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000394d4 0x0000018a LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text

Imports

Library kernel32.dll:
0x427800 GetProcAddress
0x427804 GetVersion
0x427808 LoadLibraryA
0x42780c VirtualAlloc
0x427810 VirtualProtect
0x427814 GetCurrentThread
0x427818 SetPriorityClass
Library user32.dll:
0x427830 GetWindowDC
0x427834 ReleaseDC
0x427838 GetCursorInfo
0x42783c GetCursorPos
0x427840 GetMenu
0x427844 CharLowerBuffW
0x427848 ToAscii
0x42784c InsertMenuItemW
Library ole32.dll:
0x427820 GetConvertStg
0x427824 CoRevertToSelf

!This program cannot be run in DOS mode.
GetCurrentThread
GetProcAddress
GetVersion
LoadLibraryA
SetPriorityClass
VirtualAlloc
VirtualProtect
kernel32.dll
CharLowerBuffW
GetCursorInfo
GetCursorPos
GetMenu
GetWindowDC
InsertMenuItemW
ReleaseDC
ToAscii
user32.dll
CoRevertToSelf
CoUnmarshalInterface
GetConvertStg
ole32.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Advanced
MS Shell Dlg
Print range
&All selected pages
&Odd pages only
&Even pages only
Page scaling
&Shrink pages to printable area (if necessary)
&Fit pages to printable area
&Use original page sizes
Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Clean
Elastic malicious (high confidence)
ClamAV Clean
FireEye Generic.mg.9495761e569d1589
CAT-QuickHeal Clean
McAfee Artemis!9495761E569D
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
CrowdStrike win/malicious_confidence_80% (W)
BitDefenderTheta Gen:NN.ZexaF.34142.tDW@auGD2kki
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FKXF
Baidu Clean
APEX Malicious
Paloalto generic.ml
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Clean
Tencent Clean
Ad-Aware Clean
Sophos Mal/Generic-R + Mal/EncPk-NS
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Trojan.tz
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Trojan:Win32/Woreflint.A!cl
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Clean
AhnLab-V3 Clean
Acronis suspicious
VBA32 Malware-Cryptor.Limpopo
ALYac Clean
TACHYON Clean
Malwarebytes Malware.AI.4154696863
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.99 (RDML:nsijWaEzNuuOqjcQTtMK+Q)
Yandex Clean
Ikarus Trojan.Win32.Crypt
MaxSecure Clean
Fortinet Clean
AVG FileRepMalware
Avast FileRepMalware
No IRMA results available.