Static | ZeroBOX

PE Compile Time

2010-08-04 13:06:50

PE Imphash

84354178604622e0a5b23c227959c589

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0001c268 0x0001d000 6.63323661376
.data 0x0001e000 0x0000211c 0x00001000 0.0
.rsrc 0x00021000 0x000008f4 0x00001000 1.94746315

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x000213b4 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000213b4 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_ICON 0x000213b4 0x00000128 LANG_NEUTRAL SUBLANG_NEUTRAL GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00021384 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL data
RT_VERSION 0x00021150 0x00000234 LANG_ENGLISH SUBLANG_ENGLISH_US data

Imports

Library MSVBVM60.DLL:
0x401000 _CIcos
0x401004 _adj_fptan
0x401008 __vbaFreeVar
0x40100c __vbaFreeVarList
0x401010 _adj_fdiv_m64
0x401014 __vbaFreeObjList
0x401018 _adj_fprem1
0x401020 _adj_fdiv_m32
0x401024 __vbaAryDestruct
0x401028 None
0x40102c __vbaObjSet
0x401030 __vbaOnError
0x401034 _adj_fdiv_m16i
0x401038 __vbaObjSetAddref
0x40103c _adj_fdivr_m16i
0x401040 None
0x401044 __vbaFpR8
0x401048 _CIsin
0x40104c __vbaChkstk
0x401050 EVENT_SINK_AddRef
0x401058 __vbaStrCmp
0x40105c __vbaAryConstruct2
0x401060 __vbaObjVar
0x401064 _adj_fpatan
0x401068 None
0x40106c __vbaLateIdCallLd
0x401070 None
0x401074 EVENT_SINK_Release
0x401078 _CIsqrt
0x401080 __vbaExceptHandler
0x401084 _adj_fprem
0x401088 _adj_fdivr_m64
0x40108c None
0x401090 __vbaFPException
0x401094 None
0x401098 _CIlog
0x40109c __vbaErrorOverflow
0x4010a0 __vbaNew2
0x4010a4 None
0x4010a8 _adj_fdiv_m32i
0x4010ac _adj_fdivr_m32i
0x4010b0 None
0x4010b4 _adj_fdivr_m32
0x4010b8 _adj_fdiv_r
0x4010bc None
0x4010c0 None
0x4010c4 __vbaI4Var
0x4010c8 __vbaFpI4
0x4010cc _CIatan
0x4010d0 __vbaStrMove
0x4010d4 _allmul
0x4010d8 _CItan
0x4010dc _CIexp
0x4010e0 __vbaFreeObj
0x4010e4 __vbaFreeStr

Strings

!This program cannot be run in DOS mode.
`.data
MSVBVM60.DLL
PREDISTORTION
ALLEGORISER
STYLOPIZED
STYLOPIZED
Option2
Option2
Check2
Check2
Combo2
Combo2
HScroll1
Timer1
Frame1
Frame1
Check1
Check1
Option1
Option1
Combo1
Combo1
H:p5uSAH
VB5!6&*
GENERALIST
ELSDYRSKINDENE
PREDISTORTION
PREDISTORTION
ALLEGORISER
EFTERBRNDER
LAGRINGSPRISERS
HEMIASCI
OVERBOERNE
BLASTOCYST
EANLINGS
PETALITE
PROTEGEER
HYPERCRYAESTHESIA
TUMLINGEVASER
EGNSPLANLGNINGS
DECIMALBROEK
DERIVATIVE
OMHANDLEDES
SPONTANISTENS
SIKKERHEDSPROCEDURE
VURDERINGSSUMMER
AFLURINGERNE
AGGREGATET
FORRENTEDES
MODARBEJDELSE
SEKSUALHORMONER
TEHRAN
NONSIBILANTLY
SPROGFORSKERES
MENUETTER
SDVANEN
ISTANDSTTER
PHILOLOGICAL
SULAIMA
MATEMATIKEMNERS
HACKTREE
NORMALINDSTILLINGEN
NICKELED
TIMBERLAND
SEJTFLYDENDES
DESIGN
STEDSBIORDENE
Check1
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Combo1
Check2
Option1
Timer1
Frame1
Combo2
HScroll1
Option2
gematriot
tigerspringets
Unsnoring5
ekspektancelister
VBA6.DLL
__vbaErrorOverflow
__vbaStrMove
__vbaFpR8
__vbaAryDestruct
__vbaObjVar
__vbaObjSetAddref
__vbaFpI4
__vbaFreeVar
__vbaLateIdCallLd
__vbaI4Var
__vbaGenerateBoundsError
__vbaOnError
__vbaFreeObjList
__vbaFreeVarList
__vbaFreeStr
__vbaStrCmp
__vbaFreeObj
__vbaHresultCheckObj
__vbaNew2
__vbaObjSet
__vbaAryConstruct2
$H:p5uSAH
H:p5uSAH
EFTERBRNDER
PROLETAR
ICC_PROFILE
mntrRGB XYZ
9acspAPPL
1$$1,5+(+5,N=77=NZLHLZnbbn
1$$1,5+(+5,N=77=NZLHLZnbbn
%7S3ZB
!*#@1 3\Wu
:6U~oV
pYruKi
[i,oYT
YxCS/}
lA/a`K
Fuz4XQ
f,O'}
YMYU%V
QG]G/ghgnr
-.FmK+
]/a)<3
Y+Q#I*
Y+FHK+
Nl|%+'*
Y+Fa;+
.mw$+a
*|%+j)
zEM+Ml
*PDq/T
oFKP/g
Y+'+2*
Y$*YX+
[}%#Q)
*i1:{?
|p}%# )
)7_K/y
r-Pqj'#
Y+F{2+
Wl/x,fJ
?b4P/P
Y+*T10
Y$*qX+
xw{/eu
Y$+O^+
Y+Q#Q*
Y+Q!Y#
Y+'#G)
@`B*ql
eTJDF.
Y+G8W+
@GU/asL
}V5g.o
Y+'~\+
Y+F'f+
/TKchj
Y+Q#I*
Y^XT]+E
MYTf9'
]!XRB*]
Y+%#M)
YMYQ>q
.?%#6)
Y+F5]+
"*%+H)
W.@M+U
?x'##)
8QU?ii
Yb'\V.m~
Yp-}\Ki
Y$+aX+
Y$+!X+
/oJ4l|?
E$!$Y+
Y+-VA{-~]
VRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR
-yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
I%BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
n\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
)erCwxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
q(++++++++++++++++++++++++++++++++++++++++++++++9
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
-sIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIIII
)3fxJccccccccccccccccccccccccccccccccccccc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
]FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
wxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASf
B2222222222222222222222222222222222222222222
YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY1
.mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
{MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMf
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNf1
jhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhKf
u$ooooooooooooooooooooooooooooooooooooooooooKf
ttttttttttttttttttttttttttttttttttttttttttttS
(TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT
h [->]
.-K_|=
sf#5"5
*[xnzKa
ZMX~=F
%%>eF=
wPp}s(
(R`{{"
AX@|@n
E@})*F
,Tr!;%
pp/Ai
ZA_y_qs
a`3DNS
l0tK9^
K&&*),
aQ~~*=
A.hckg
yDK%Bc
SZk0RP
ID]qd>Q,
4_(4(|
*(}H*j?UJ
6J"`6.{
?15-`o
9#TB_R
u>>"@i
H41vrG@
PROLETAR
Brikvvning5
Nargilehs6
UDBASUNERINGER
buskadserne
idiomuscular
Dekoratren
Fyldekalket6
BILABIALE
} jPh 9@
} jDh@9@
} jhh09@
} jhhl9@
} jhh09@
} jhh09@
} j`hl9@
} jhhl9@
} j`h09@
} jhhl9@
} jLhl7@
} jLhl7@
} j`h|9@
MSVBVM60.DLL
_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaFpR8
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
__vbaObjVar
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
Terracette
Andejagters
Wscript.shell
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
040904B0
Comments
CompanyName
ProductName
FileVersion
ProductVersion
InternalName
GENERALIST
OriginalFilename
GENERALIST.exe
Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Mucc.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
CMC Clean
CAT-QuickHeal Clean
ALYac Trojan.GenericKD.37648342
Malwarebytes Trojan.Injector
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 0040eff71 )
Alibaba Trojan:Win32/Nekark.4cade9ba
K7GW Riskware ( 0040eff71 )
CrowdStrike win/malicious_confidence_90% (W)
Baidu Clean
Cyren Clean
Symantec Packed.Generic.575
ESET-NOD32 a variant of Generik.IDJMLUZ
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan.Win32.Mucc.rua
BitDefender Trojan.GenericKD.37648342
NANO-Antivirus Trojan.Win32.Mucc.jcktda
SUPERAntiSpyware Clean
MicroWorld-eScan Trojan.GenericKD.37648342
Rising Clean
Ad-Aware Trojan.GenericKD.37648342
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Downloader.ch
FireEye Generic.mg.0f73289ff5a72fd0
Emsisoft Trojan.GenericKD.37648342 (B)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.37648342
Jiangmin Trojan.Mucc.cdc
Webroot Clean
Avira TR/AD.Nekark.deano
MAX malware (ai score=88)
Antiy-AVL Clean
Kingsoft Win32.Troj.Generic_a.a.(kcloud)
Gridinsoft Trojan.Win32.Downloader.sa
Arcabit Trojan.Generic.D23E77D6
ViRobot Clean
ZoneAlarm Trojan.Win32.Mucc.rua
Microsoft Trojan:Win32/Fareit!ml
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic.dx
TACHYON Clean
VBA32 TScope.Trojan.VB
Cylance Unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R011C0PIT21
Tencent Win32.Trojan.Mucc.Iit
Yandex Trojan.AvsArher.bTx33N
Ikarus Trojan.SuspectCRC
eGambit Unsafe.AI_Score_99%
Fortinet Malicious_Behavior.SB
BitDefenderTheta Gen:NN.ZevbaF.34170.im0@aW3kL6bi
AVG Win32:Malware-gen
Avast Win32:Malware-gen
MaxSecure Clean
No IRMA results available.