Static | ZeroBOX

PE Compile Time

2021-09-11 01:49:09

PE Imphash

852551719e3ff5d6f84ac5d0cab1e5e4

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000da65e 0x000da800 5.86333237317
.edata 0x000dc000 0x00000070 0x00000200 0.668149562919
.data 0x000dd000 0x00001000 0x00000800 0.0
.data 0x000de000 0x00000e5a 0x00001000 1.06759570406
.rsrc 0x000df000 0x00015a24 0x00015c00 4.8771383347
0x000f5000 0x00005000 0x00005000 0.0
0x000fa000 0x00005000 0x00005000 0.0
0x000ff000 0x00005000 0x00005000 0.0
0x00104000 0x00005000 0x00005000 0.0

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000f3158 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x000f3158 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x000f3158 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x000f3158 0x00000988 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MENU 0x000f445c 0x000002b4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MENU 0x000f445c 0x000002b4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MENU 0x000f445c 0x000002b4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MENU 0x000f445c 0x000002b4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x000f4710 0x00000128 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_RCDATA 0x000f4838 0x00000017 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x000f4850 0x00000046 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000f4898 0x0000018a LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text

Imports

Library kernel32.dll:
0x4dec00 GetProcAddress
0x4dec04 LoadLibraryA
0x4dec08 VirtualAlloc
0x4dec0c VirtualProtect
0x4dec10 GetCurrentThread
Library ole32.dll:
0x4dec18 CoGetContextToken
0x4dec1c CoCreateGuid
0x4dec20 OleUninitialize
0x4dec24 OleInitialize
0x4dec30 CoFileTimeNow
0x4dec34 CoGetCurrentProcess
Library winspool.drv:
0x4dec44 DeletePrinterKeyA

Exports

Ordinal Address Name
1 0x4555f6 GetFilePath
!This program cannot be run in DOS mode.
`.edata
@.data
PQRVW=Js
A_^ZYX
PQRVW9
PQVW;u
PQRVWh
P pP pP p
hP (Q(
P(nQ"\
;@*7Q(<
*bD"+T
#@*!T
*\P $P
TT*kQ
UT |T"
U EP(=
U*BT*>P
U 8P q@
"hD*uT(
E -A*%A
(TQ tQ
M@"1T*
>Q"YT
P*}A B
tT*fP*
U*1P*K
P*}A B
tT*fP*
U*1P*K
pP(`@"
E([E U
7E %E O
"ME(AE(
5E -E
*+A*KA*
wE(}E(
E"wU*}
A"UA*[
(D@"4D*
T@"4D*
D@"4D*
P*bT"$
D(YD*YD
(D*lD )D
T(<T"hT
9T*9T"mT
iD"=D*mD
-D*mD(8D
lT*<T(-T(}T
<D()D(}D
yD*mD*,D
D xD(8D*8D"<D(iD
<D*|D iD
D )D"xD
XD(MD(
-T hT
(D",D(-D
|T()T"-T
hD )D }D
-D(mD(=D*iD
)D*iD*9D
=D"}D*-D
)D*9D*-D"8D
D(LD ID
\D"HD YD
HT(HT
}D*=D*h
}T(<T"
\T \T(
|T*lT )T
T =T"9T lT(
lT(<T"8T
,D*,D iD
T"MT LT
lD(,D(|D"8D
yD"mD hD(
T ]T*IT
)T*-T*=T
mD mD"-D
=T*(T*
mD ,D(
=T(}T*)T*9T
hD ,D"}D
T"}T*=T
T*lT iT
LD*XD(H
|T )T yT
mT =T(mT
yT*)T*yT
mT*=T hT
lD <D(lD
xD*(D*xD
lD*<D iD
yD -D }D
iD"9D*iD
}D*-D*}D
xT ,T |T
hT"8T*hT
|T*,T*|T
iT(9T mT
}T")T"yT
mT"=T*mT
T(<T"(T"8T*(T*8T",T"<T*,T*<T )T 9T()T(9T -T =T(-T(=T")T"9T*)T*9T"-T"=T*-T*=T (T
,D*9T"
D 8D((D(8D ,D <D(,D(<D"(D"8D*(D*8D",D"<D*,D*<D )D 9D()D(9D -D =D(-D(=D")D"9D*)D*9D"-D"=D*-D
9D 9D"=D
8T*8T*,T
-T -T(=T"9T*9T
-T"-T*=T
D((D ,D
(D"(D*8D
9D 9D -D(-D
=D(=D*)D
=D*=D((D
D 8D((D(8D ,D <D(,D(<D"(D"8D*(D*8D",D"<D*,D*<D )D 9D()D(9D -D =D(-D(=D")D"9D*9D"-D"=D*-D*=D 8D(
<T",T )T
=T")T"-T"=T
D((D(8D ,D <D
(D",D"<D*,D*<D )D 9D(9D -D =D(-D(=D")D"9D*)D*9D
,T"(T"8T*(T*8T",T
=T")T"9T*)T
8D ,D"(D"8D
<D )D -D =D(-D(=D")D
T 8T((T(8T ,T <T(,T(<T"(T"8T*(T*8T",T"<T*,T*<T )T 9T()T(9T -T
-T*)T"=T*-T*=T (T
D 8D((D(8D ,D <D
(D",D"<D*,D*<D )D
9D"-D"=D (D
T 8T((T(8T ,T <T(,T"(T*(T*8T",T*,T )T()T -T(-T")T
=T (T
8D",D"<D )D 9D
)D"9D*)D"=D*-D
_A*iU"FA
T(BP
Q@ 2Q*
1@("A"
CU*JD"
*M@(6@
tT(*D
Q@ 6Q"
2A "P
*Q @@ #
"Q @@ #
nT VP
jE*\A
*CU*_U
"WE*_U
"Q @@ #
(WA*wU
s@ *Q
U@ .A"
q@(2A"
1T(*Q*
QP(2Q*
h@ :Q
qA*BD*
SQ*}U"
RQ*UU
*CU*WU
&E"`A*
2A "P
@"a@ 2
P"2T BU
@ `@ `@ `@ `@ `@
Y@("A"b
3P 2Q"
(WA*_U
{@ "T
Q@ "Q
#E*.@"
Q@ "T"
QP 2U
(FE*]U
[@ "T
uD *U(
uD *U(
uD *U(
uD *U(
uD *U(
@"k@ 2
Q*BA"b
"RT*_U
GU*_U*
BU*_U*
V@*wU*
*C@*WU
*ST*}U
*BT*}U
(BT*]U*
"VD*]U
(RD*]U*
*RT*uU
VD*]U
"GT*UU*
*VD*uU
"BD*uU
*WD*UU
FD*UU*
(WD*uU
"BD*uU
*SP*]U
SP*]U"
FP*]U
(G@*}U
S@*]U*
*CP*uU
(SP*uU
"FP*uU
VP*uU
F@*]U
B@*UU
(B@*uU
;P "U
s@ "T
q@*7A"
Q ?U"nA
U <T"i
TT(*D
Y@(4T*
RU*7U"
"A@ 2T
CU*WU
FU*WU
AA %U
S@ "Q(
AA %U
Q( Q A
AA %U
TA*$U
AA %U
;U )U
{Q(_U*^
Q )U
AA 1U
[A )U
QA*4U
{A !U
QQ*4U
YA*$U
QA !U
{A*4U
[A !U
QA*4U
QQ*4U
QA !U
QA )U
YQ*$U
}A !U
Q@ 6A"
.Q*zA*
BP"nP"
v@*WP
CQ @A"
E*.@*HU
@(!U"B
uD *Q
Q@ "Q
nE*j@*j@*j
("@*j@*j@
"Q @@ #
)E*.D
U .T .
]P(&Q"
UP(&Q"
]@(&P*
9@("Q"
9@("Q"
UD(:P(
UD(:P(
VP"nT"
VP"nT"
@"I@(6
@"I@(6
*T BU
]D *U(
_D *U(
_D *U(
q@("Q*
_D *U(
9T *P(
JT(:A
jQ @A"
@*j@*j@
Q@ "A"
UD *U(
@*j@*j
*FE*]U
ZE"(@ TP(
*GA*_U
Y@ "A"
A bP"HT
?Q PP(
"FE*wU
aA*7A*
PP"A@*
"CU*uU
+U JQ"
(R@*wU"
FD*]U"
"CA*UU
S@*]U
"RP*UU
3@ "P(
GetFilePath
GetCurrentThread
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualProtect
kernel32.dll
CoCreateGuid
CoFileTimeNow
CoFreeUnusedLibraries
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
OleInitialize
OleUninitialize
ole32.dll
DeletePrinterKeyA
winspool.drv
AccessibleObjectFromWindow
oleacc.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Do7n,oa
Sett,n2
ave`lackz
vV Op>
onpair
kpMi{ns
ource
*oa\ ba;k
the d
ftusbar
Do7n,oa
Sett,n2
`lve z
onpair
kpMi{ns
Resour
L\ad ;a
eb AL8
l`aes
i!ally
b orL8
Cascad
e`Eeit
Lo!d optil:s
ackup,
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
McAfee Artemis!6A46023492D4
Malwarebytes Malware.AI.662758648
VIPRE Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Trojan.GenericKD.47019901
K7GW Trojan ( 00585f691 )
K7AntiVirus Trojan ( 00585f691 )
Baidu Clean
Cyren Clean
ESET-NOD32 a variant of Win32/Kryptik.HMPI
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan-PSW.Win32.Racealer.maj
Alibaba TrojanPSW:Win32/Racealer.e17603db
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Trojan.GenericKD.37661855
Rising Trojan.Generic@ML.93 (RDML:D6xdNjvSCM6dWFKj45HVjw)
Ad-Aware Trojan.GenericKD.47019901
Emsisoft Trojan.GenericKD.47019901 (B)
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Generic.tm
FireEye Generic.mg.6a46023492d437f7
Sophos Mal/EncPk-APW
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.37661855
Jiangmin Clean
Webroot Clean
Avira TR/AD.StellarStealer.ozgjl
Antiy-AVL Clean
Kingsoft Win32.PSWTroj.Racealer.m.(kcloud)
Gridinsoft Clean
Arcabit Trojan.Generic.D2CD777D
ViRobot Clean
ZoneAlarm Clean
Microsoft Trojan:Script/Phonzy.A!ml
TACHYON Clean
AhnLab-V3 Clean
Acronis suspicious
ALYac Trojan.GenericKD.47019901
MAX malware (ai score=82)
VBA32 Clean
Cylance Unsafe
Panda Trj/CI.A
Zoner Probably Heur.ExeHeaderH
TrendMicro-HouseCall TrojanSpy.Win32.RACEALER.USMANIQ21
Tencent Win32.Trojan-qqpass.Qqrob.Wozu
Yandex Trojan.PWS.Racealer!m6ziQ7epDjk
Ikarus Trojan.Win32.Crypt
eGambit Clean
Fortinet W32/Kryptik.HMLF!tr
BitDefenderTheta Gen:NN.ZexaF.34170.bLW@aiu8syii
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
MaxSecure Trojan.Malware.121218.susgen
No IRMA results available.