Static | ZeroBOX

PE Compile Time

2021-09-11 01:49:09

PE Imphash

15cdf6e35545e491e70d9cafb0fc7871

Sections

Name   Virtual Address   Virtual Size   Size of Raw Data   Entropy
.text  0x00001000        0x0002d054     0x0002d200         6.07840510931
.data  0x0002f000        0x00001000     0x00000400         0.0
.data  0x00030000        0x0400201c     0x00004400         2.04359697619
.rsrc  0x04033000        0x00013c54     0x00013e00         4.78681021699
.lwox  0x04047000        0x00045000     0x00045000         0.0
.vvny  0x0408c000        0x00048000     0x00048000         0.0
.vtbg  0x040d4000        0x00045000     0x00045000         0.0
.qtxm  0x04119000        0x00045000     0x00045000         0.0

Resources

Name             Offset      Size        Language      Sub-language     File type
RT_CURSOR        0x04033328  0x000010ac  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_BITMAP        0x040343d4  0x00000828  LANG_NEUTRAL  SUBLANG_DEFAULT  dBase IV DBT, block length 2048, next free block index 40, next free block 2147450879, next used block 2147450879
RT_ICON          0x04034bfc  0x00010828  LANG_NEUTRAL  SUBLANG_DEFAULT  dBase III DBT, version number 0, next free block index 40
RT_MENU          0x040457e0  0x000000ae  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_MENU          0x040457e0  0x000000ae  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_MENU          0x040457e0  0x000000ae  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_DIALOG        0x0404616c  0x00000324  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_DIALOG        0x0404616c  0x00000324  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_STRING        0x04046490  0x0000060a  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_GROUP_CURSOR  0x04046a9c  0x00000014  LANG_NEUTRAL  SUBLANG_DEFAULT  Lotus unknown worksheet or configuration, revision 0x1
RT_GROUP_ICON    0x04046ab0  0x00000016  LANG_NEUTRAL  SUBLANG_DEFAULT  data
RT_MANIFEST      0x04046ac8  0x0000018a  LANG_NEUTRAL  SUBLANG_DEFAULT  XML 1.0 document, ASCII text

Imports

Library kernel32.dll:
0x434000 GetProcAddress
0x434004 LoadLibraryA
0x434008 VirtualAlloc
0x43400c VirtualProtect
0x434010 GetCurrentThread
0x434014 lstrlenA
0x434018 lstrcatA
0x43401c lstrcmpA
Library user32.dll:

!This program cannot be run in DOS mode.
`.data
@.lwox
kernel32.dll
user32.dll
PQRVW=
PQRVW=
PQRVW9
H_^ZYX
F_^ZYX
(fP"6D
FD*fD"
"DD"LT
"DD"LT
D"|D*J
R@(.T"
VD"~T"
P*}A B
tT*fP*
U*1P*K
D(ID MD
(D(xD ,D
hT",T"<T*lT iT
<T"|T*,T
)T iT 9T
T ]T(]T
hT",T*lT
=T(mT"iT
D*xD"<D
XT"\T XT(
D"hD*xD
|T*hT*8T
,D(|D*,D"9D
,D*lD*<D
-D"mD"=D
T MT ]T
-T"mT*
GetCurrentThread
GetProcAddress
LoadLibraryA
lstrcatA
lstrcmpA
lstrlenA
VirtualAlloc
VirtualProtect
kernel32.dll
CsrBroadcastSystemMessageExW
user32.dll
9g9g9g
RJRJRJtNtNtN
^9g9g9g
RJRJtNtN
9g9g9g
tNtNtN
tNtNRJ
tNRJRJ
h 5/4y
:~~E_o
PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD
Ave Al
En\ozing
ayszoz t
Ave Al
En\ozing
Ave Al
MS Shell Dlg
Classic Visualization Settings
Winamp Classic skins have a simple visualization in the main window. You can select what kind of visualization here, or click on the visualization to cycle through the modes.
Spectrum analyzer
Oscilliscope
No visualization
Visualization refresh rate:
msctls_trackbar32
Slider1
Spectrum Analyzer Options
Analyzer coloring style:
Normal style
Fire style
Line style
Analyzer falloff speed:
msctls_trackbar32
Slider1
Show peaks on analyzer
Analyzer peak falloff speed:
msctls_trackbar32
Slider1
Analyzer band width:
Oscilliscope Options
Oscilliscope drawing style:
MS Shell Dlg
DSP/Effect plug-in
The plug-in selected below will be active, and will usually modify the sound being played. Select (none) if you do not wish to use a DSP/Effect plug-in.
Plug-in module:
&Configure active plug-in
&Uninstall plug-in
Get plug-ins
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.5389b036dc60417f
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
Cybereason malicious.66336c
BitDefenderTheta Gen:NN.ZexaF.34142.xHW@aeeYgBiG
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Generik.HHYMXTP
Baidu Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
Kaspersky UDS:Trojan-Spy.Win32.Stealer
BitDefender Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Avast Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Mal/Generic-S
APEX Malicious
Jiangmin Clean
eGambit Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Trojan:Win32/Sabsik.FL.A!ml
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!5389B036DC60
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Ikarus Trojan.Win32.Crypt
Zoner Clean
Rising Trojan.Generic@ML.98 (RDML:0Y21KlbUqf8IoVxoX5blAA)
Yandex Clean
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet Clean
Webroot Clean
Panda Clean
CrowdStrike win/malicious_confidence_60% (D)
No IRMA results available.