Static | ZeroBOX

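PE Compile Time (TimeDateStamp from the PE header; set at link time and trivially altered, so treat it as unverified)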

2021-01-16 20:05:33

PDB Path

C:\zesoy63\rekituzuca-dad-x.pdb

PE Imphash

416df6c419e4b5b7e3749608d7e85fa6

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00016302 0x00016400 7.19264392185
.rdata 0x00018000 0x0000401f 0x00004200 4.31935790835
.data 0x0001d000 0x01d1d298 0x00002400 2.26127469536
.rsrc 0x01d3b000 0x00016178 0x00016200 6.34943841051

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x01d50448 0x000000b0 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_CURSOR 0x01d50448 0x000000b0 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_CURSOR 0x01d50448 0x000000b0 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_CURSOR 0x01d50448 0x000000b0 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_CURSOR 0x01d50448 0x000000b0 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_ICON 0x01d4e530 0x00000468 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC GLS_BINARY_LSB_FIRST
RT_STRING 0x01d50c40 0x00000536 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_STRING 0x01d50c40 0x00000536 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_STRING 0x01d50c40 0x00000536 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_ACCELERATOR 0x01d4ea38 0x00000020 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_ACCELERATOR 0x01d4ea38 0x00000020 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_GROUP_CURSOR 0x01d504f8 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_CURSOR 0x01d504f8 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_CURSOR 0x01d504f8 0x00000022 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_GROUP_ICON 0x01d41938 0x00000068 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_GROUP_ICON 0x01d41938 0x00000068 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_GROUP_ICON 0x01d41938 0x00000068 LANG_UZBEK SUBLANG_UZBEK_CYRILLIC data
RT_VERSION 0x01d50520 0x000001b4 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library KERNEL32.dll:
0x418014 GetCurrentProcess
0x41801c GetUserDefaultLCID
0x418024 ReadConsoleW
0x418034 VerifyVersionInfoA
0x418038 WriteConsoleW
0x41803c GetConsoleOutputCP
0x418040 InterlockedExchange
0x418044 GetProcAddress
0x41804c PrepareTape
0x418050 LocalAlloc
0x418058 GetModuleFileNameA
0x41805c SetConsoleTitleW
0x418060 GetModuleHandleA
0x418064 AddConsoleAliasA
0x418068 FindNextVolumeA
0x41806c GetSystemTime
0x418070 GetProfileSectionW
0x418074 GetLocaleInfoA
0x41807c PulseEvent
0x418080 GetModuleFileNameW
0x418084 GetCommandLineW
0x418088 HeapAlloc
0x41808c GetStartupInfoW
0x418090 TerminateProcess
0x41809c IsDebuggerPresent
0x4180a4 HeapFree
0x4180a8 VirtualFree
0x4180ac VirtualAlloc
0x4180b0 HeapReAlloc
0x4180b4 HeapCreate
0x4180b8 GetModuleHandleW
0x4180bc Sleep
0x4180c0 ExitProcess
0x4180c4 WriteFile
0x4180c8 GetStdHandle
0x4180cc TlsGetValue
0x4180d0 TlsAlloc
0x4180d4 TlsSetValue
0x4180d8 TlsFree
0x4180e0 SetLastError
0x4180e4 GetCurrentThreadId
0x4180e8 GetLastError
0x4180f0 HeapSize
0x4180f4 RtlUnwind
0x4180f8 SetHandleCount
0x4180fc GetFileType
0x418100 GetStartupInfoA
0x418104 SetFilePointer
0x418108 CloseHandle
0x418114 GetTickCount
0x418118 GetCurrentProcessId
0x418120 WideCharToMultiByte
0x418124 GetConsoleCP
0x418128 GetConsoleMode
0x41812c GetCPInfo
0x418130 GetACP
0x418134 GetOEMCP
0x418138 IsValidCodePage
0x418140 LoadLibraryA
0x418144 CreateFileA
0x418148 RaiseException
0x41814c SetStdHandle
0x418150 FlushFileBuffers
0x418154 WriteConsoleA
0x418158 MultiByteToWideChar
0x41815c LCMapStringA
0x418160 LCMapStringW
0x418164 GetStringTypeA
0x418168 GetStringTypeW
0x41816c SetEndOfFile
0x418170 GetProcessHeap
0x418174 ReadFile
Library GDI32.dll:
0x41800c GetCharWidthFloatW
Library ADVAPI32.dll:
0x418000 BackupEventLogA
0x418004 BackupEventLogW

Exports

Ordinal Address Name
1 0x401000 @SetViceVariants@12
Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
HHtXHHt
>If90t
teh M@
<at9<rt,<wt
URPQQhtX@
tNIt?It0It
j@j ^V
>=Yt1j
QQSVWh
tRHtCHt4Ht%HtFHHt
0A@@Ju
^SSSSS
j"^SSSSS
0SSSSS
0SSSSS
0SSSSS
tGHt.Ht&
^SSSSS
8VVVVV
;t$,v-
UQPXY]Y[
0WWWWW
AAFFf;
_VVVVV
^WWWWW
t"SS9]
PPPPPPPP
PPPPPPPP
0SSSSS
_VVVVV
t+WWVPV
<+t(<-t$:
+t HHt
WH(=vtD
w-`s>z
Yv(H%tv
y+"*U:o
T~qKUCO
mbY6Im
f&;Qay
8O&Lm
GAX*4F
GlE5RS7
!3FQHS
T~~g#$4
BGlW`VR-
h@|+V*h!J
^0ECG[
n]&DEV
g<"L|Xv $h{9
YT[tGg
{rLL~HF
g)L`5g
liAXP>uN
"'_m`1J
CVjow1b
5R]W0)
;2q%@x
sp>!=q
sk?`1b
i.)~q#gOV
3Q_U*n
qVHso4
.hwVuHB
j405>O
oH5.hO
s?nfvZ
_"@!S<
KV%dAwYbK
QQSVWd
HtHu4j
s[S;7|G;w
tR99u2
(null)
`h````
xpxxxx
CorExitProcess
runtime error
TLOSS error
SING error
DOMAIN error
An application has made an attempt to load the C runtime library incorrectly.
Please contact the application's support team for more information.
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
UTF-16LE
UNICODE
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
_nextafter
_hypot
GAIsProcessorFeaturePresent
KERNEL32
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
CONOUT$
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#SNAN
bad allocation
Dubajuweso lacud yepajap kaxapaxisiwuzo
kernel32.dll
LocalAlloc
VirtualProtect
bad allocation
bad exception
Unknown exception
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
C:\zesoy63\rekituzuca-dad-x.pdb
GetCommandLineW
PulseEvent
GetLocaleInfoA
FindActCtxSectionGuid
GetCurrentProcess
GetEnvironmentStringsW
GetUserDefaultLCID
GetSystemDefaultLCID
ReadConsoleW
FindActCtxSectionStringA
GetSystemWindowsDirectoryA
LeaveCriticalSection
VerifyVersionInfoA
WriteConsoleW
GetModuleFileNameW
GetConsoleOutputCP
InterlockedExchange
GetProcAddress
EnterCriticalSection
PrepareTape
LocalAlloc
WaitForMultipleObjects
GetModuleFileNameA
SetConsoleTitleW
GetModuleHandleA
AddConsoleAliasA
FindNextVolumeA
GetSystemTime
GetProfileSectionW
KERNEL32.dll
GetCharWidthFloatW
GDI32.dll
BackupEventLogA
BackupEventLogW
ADVAPI32.dll
HeapAlloc
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapSize
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
CloseHandle
FreeEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LoadLibraryA
CreateFileA
RaiseException
SetStdHandle
FlushFileBuffers
WriteConsoleA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEndOfFile
GetProcessHeap
ReadFile
vijo.exe
@SetViceVariants@12
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_exception@std@@
.?AVexception@std@@
.?AVtype_info@@
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
JXXXXXXXXX2e
XXXXXXXXXXXXXX
XXXX2e.
XXXXXXXXXXXXXV
oXXXXXXXXXX
XXXXXXXXX
oXXXXXX
oXXXXXX
goXXXXXX
XXXXXXX
gXXXXXXX
CeXXXXXXX
XXXXXXX
XXXXXXX
LXXXXXXXXXV
XXXXXXXXX
XXXXXXXXXX
4/`?`>-
XXXXXXXXXXXXX
XXXXXXXXXXXXXX
XXXXXXXXXXXXXXX
uYJXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXLg
e=XXXXXXXXXXXXXXXXXJ
XXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXX<e.
XXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXX~g
XXXXXXXXXXXXXXXXXXXXXo
XXXXXXXXXXXXXXXXXXXXXo
XXXXXXXXXXXXXXXXXXXXXoLp
oXXXXXXXXXXXXXXXXXXXXXoK
XXXXXXXXXXXXXXXXXXXXXX
oXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXJ
XXXXXXXXXXXXXXXXXXXXXXXXXXX
]JXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXi
L8oXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXi
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXX
y&XXXXXXX
XXXXXXXXXXX9
XXXXXXXXX
XXXXXXXX
UXXXXXXX
XXXXXXX
XXXXXXX
XXXXXXX
9XXXXXXXX
*XXXXXXXXX"8
XXXXXXXXXX&86
XXXXXXXXXXXX
gXXXXXXXXXXXXXXU
LXXXXXXXXXXXXXXQ
P6XXXXXXXXXXXXXX
'UXXXXXXXXXXXXXXXX
^XXXXXXXXXXXXXXXXX
6XXXXXXXXXXXXXXXXXi
2XXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXX
xXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXL 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
0000000000000000000000000000000000000000000000000eg6
:s00000Q
qS000000
C?0000000F|
J0000000/Ui
00000000I@
0000000000
00000000
g~l'B`C
qNVx9A\
"CbtT6
(c~~N>
5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555
55555555555555555
5555555555555555
'+<'m.
f555555555555555
555555555555555
555555555555555
555555555555555
555555555555555
555555555555555
555555555555555e8)
555555555555555e
555555555555555
f555555555555555
CXX}XBM9@D
f555555555555555
Dpf555555555555555
<pf555555555555555
f555555555555555
f555555555555555
5555555555555555
<p5555555555555555{
5555555555555555
5555555555555555
5555555555555555
mp5555555555555555
5555555555555555
5555555555555555
5555555555555555
5555555555555555
5555555555555555
+p5555555555555555
VVsssv
5555555555555555
sRA]0!
5555555555555555
5555555555555555
5555555555555555
5555555555555555
rrnnnrrrnnrn
rGrsW4
5555555555555555
5555555555555555
p5555555555555555
iccc??..
0UUUU SPSS
5555555555555555
55555555555555555
55555555555555555
555555555555555555ff
55555555555555555555fff
5555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555555
nnnnnnnnnnn
nnnnnnnnnnn
nnnnnnnnnnnX
(nnnnnnnnnnn
nnnnnnnnnnnH
tnnnnnnnnnnn
nnnnnnnnnnnH
bCnnnnnnnnnnn
Cnnnnnnnnnnnb
nnnnnnnnnnn`<i
nnnnnnnnnnn
b(nnnnnnnnnnnH
lnnnnnnnnnnn
nnnnnnnnnnnHW
PWSb;nnnnnnnnnnnHa
nnnnnnnnnnn
lnnnnnnnnnnn~
;nnnnnnnnnnnYZ
;nnnnnnnnnnn
lnnnnnnnnnnn
lnnnnnnnnnnn
lnnnnnnnnnnn
00ege^
nnnnnnnnnnn
lnnnnnnnnnnn?
Pynnnnnnnnnnn
nnnnnnnnnnn
nnnnnnnnnnnnnnnnnn####OOO
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
yyyyyy
~yyyyyi
yyyyyVP*
\yyyyy
:{yyyyy^h$
yyyyyW
Oyyyyy
fCyyyyy_|/c>e
yyyyyt4
gyyyyy
yyyyyy
-2+1div~
<d{1Zx
KVD6mtl
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn!
!nnnnnn
nnnnnn
nnnnnn
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
nnnnnn
xTxTxTTTxTTTTTTTT_T______
nnnnnn
xxTxTxTxTTTTxTTTTTT_TTT______________
nnnnnn
xxTxTxTxTxTTTTTTTTTTT_TT_
_________
nnnnnn
xTxTxTxTTxTxTTxTTTTTT_TT_
________
nnnnnn
xxxTxTxTxTTTTxTTTTTTTTT_TT_
_______
nnnnnn
xxxxxTxTxxTxTTTxTTTTTTT_T
______
nnnnnn
xTxTxxTxTxTTTxTTTTTTTTTT_T
______
nnnnnn
xxxxTxxTxTxTxTxTxTxTTTTTTTT
nnnnnn
xxxTxxTxxTx
TTTTTTTTTT
nnnnnn
xxxxxxxTxxT
TxTTTTTT
nnnnnn
xxxxxTxxTxx
TTTTTTT
nnnnnn
xxxxxxxxTx
TTTTTTT
nnnnnn
xxxxxxTxxxT
nnnnnn
xxxxxxxxxx3
TKTTTTT
nnnnnn
xxxxxxTx
KTTTTTT
nnnnnn
xxxxxxx
KKTTTTT
nnnnnn
xxxxxxx
TKTTTTT
nnnnnn
xxxxxxb
KKTTTTTT
nnnnnn
xxxxxxb
TKTTTTT
nnnnnn
xxxxxxb
KKTTTT
nnnnnn
xxxxxxb
nnnnnn
xxxxxxb
nnnnnn
xxxxxb
nnnnnn
nnnnnni[~~~~~~~~~
kkkkkkkkkkkF
[innnnnn
nnnnnn
nnnnnn
@}```,w-
nnnnnn
1nnnnnn
nnnnnn
oooJ$J
@}````
nnnnnnq
@}```}@
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
zzzzzzzzzzzzzz
*zrzrrrrrrrrr*r*r*******zr
*zrzrzrzrrrrrrr*r*r*r*r*zr
*zzrzrrrrrrrrrrrrr*r*r**zr
*zzrzrzrzrrrrrr*rr*r**r*rz
*zzzrzrzrrzrrrrrrrr*rr**zr
*zzrzzrz
zrrrrrrrr*rr*zr
*zzzzrzr
rrrrrr*r*zz
zzzzzz
rrr*rrr*zr
zzzrzrz
(rrrrr*rzr
zzzzzzz<
rrrrr*zz
zzzzzz
(rrrrrzr
zzzzz`
rrrrzz
(rrrrz
|WX[[ee
|WXX[[ee
|WXXX[ee
||||||=|==========
|||====
|||======
||||====
== =
bbb|||wDD
bbbbb|H
bbbbb|
bbbbbb=
bbbbbbb=
bbbbbbbb
{{{{{{{{{{{{{{{{{{{{{
{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{

.HUne4d
$9E[F'W
iiiiii
iiiiii
iiiiiiiiiiii
iiiiiiiiii
iiiiii
iiiiiiiii
iiiiiiiiiiiii
iiiiiiii

(null)
mscoree.dll
KERNEL32.DLL
((((( H
h(((( H
H
oyenaxivaxecesolajizefiyutov
mumefere pavegurovi
/ P6pL
,/KPip
/-P?pR
/ P6pL
,/KPip
/-P?pR
VS_VERSION_INFO
StringFileInform
020284c6
InternalName
sojbmoemonu.uhe
Copyright
Copyrighz (C) 2021, fudkagata
ProductVersion
8.19.590.38
VarFileInfo
Translation
DYap pawoviyafavo juvew fovavuy kiti texusocuso yehujakuvi mogehudeyuSNehonelelaru bilikugotav luxuvacokedux yiruh sixuxoyulapaf mosinis hige mudeyuhokid
WogipetuhevuLWehi jev nefenapi koze cejeze mijarupad sewomedamegebay legesuhuweni tagexerdHoyipewamazi sab dohubiwiv tegoronizise lev nesomogiwajace bizi newazapabarivud rifulafivovoji dotosdXupivixejuhuw lorojixi hedaj vawohihonakopal mutoy hatozitawore tajajo wedepapepivuziz ruxunalukituj
Cezuzikixeya
Gaw puw
Xuhahopecox tezumeguzotisidgCowaceyajut tayekasobeh jisezapumefom bagekuhekewok pabavof xavoho kumigep kenawuyud janoxivuhiju heruh
Xakexufix:Gahiw bijohidinoheyo ciyovoxojaned xec peh niketec xabucin
SWini fiboduwa puzasepirunal lafobesafoy yoyehodukex nuyeha tahudulifito tufobudoxohBYena hijuwumaden nihoxirucesix femi tikucigehedebuk nivulay vigegi_Winijijovipo cez sokituheki yagokokefojibeg wihukil xigagu xovivaveho yiwiwelen civigucoviteruc
Fad0Sunapecanuc zoviyinupup gadevomi gumuzodubuvajoh
Sarimeta
Liropogodud
0Dunud gujen nurejopumevipi xow ganuzu hevoxijepo,Subizucatal cola yupufemu xuhate joyi wekuyo"Bumutunawafi toteyu muborezasefotaZGuwiwofewi hivixecile xojujicibululav cezub lopidekuduve pizekul dicemaxoj sevadowukomokagTGarirozusa diwuxirozuwaho lafuyavodoroz nodigevi yubu fuxegajevicoh ten kusiyeb hobo%Bulaluzab zakukajiyiloc fusokoxudukiz
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.Generic.30044693
FireEye Generic.mg.884d66f9b2674168
CAT-QuickHeal Ransom.Stopcrypt
ALYac Trojan.Generic.30044693
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 005824f01 )
BitDefender Trojan.Generic.30044693
K7GW Trojan ( 005824f01 )
Cybereason malicious.cf264d
Arcabit Clean
Baidu Clean
Cyren W32/Kryptik.EWJ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Kryptik.HMLU
APEX Malicious
Paloalto generic.ml
ClamAV Win.Packed.Generic-9892879-0
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
Alibaba Ransom:Win32/StopCrypt.94a46306
NANO-Antivirus Clean
ViRobot Clean
Tencent Clean
Ad-Aware Trojan.Generic.30044693
Sophos Mal/Generic-R + Troj/Krypt-BO
Comodo Malware@#3shdjoh1rpakv
F-Secure Clean
DrWeb Trojan.MulDrop18.41935
Zillya Trojan.Kryptik.Win32.3447170
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Emotet.dh
CMC Clean
Emsisoft Trojan.Crypt (A)
SentinelOne Static AI - Malicious PE
Jiangmin TrojanSpy.Stealer.fhb
Webroot W32.Trojan.Gen
Avira TR/Crypt.ZPACK.tsvlf
MAX malware (ai score=87)
Antiy-AVL Trojan/Generic.ASMalwS.349C5BF
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Packed.ns
Microsoft Ransom:Win32/StopCrypt.MBK!MTB
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Win32.Packed.Kryptik.YLNGMP
Cynet Malicious (score: 100)
AhnLab-V3 Ransomware/Win.Generic.R441478
Acronis suspicious
McAfee Packed-GDT!884D66F9B267
TACHYON Clean
VBA32 Trojan.Zenpak
Malwarebytes Trojan.MalPack.GS
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0WIG21
Rising Trojan.Kryptik!1.D977 (CLASSIC)
Yandex Clean
Ikarus Trojan.Win32.Crypt
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.FKPI!tr
BitDefenderTheta Gen:NN.ZexaF.34170.mq0@aCzGxhnG
AVG Win32:CrypterX-gen [Trj]
Avast Win32:CrypterX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
No IRMA results available.