Static | ZeroBOX

PE Compile Time

1970-01-01 09:00:00

PE Imphash

4bfde1223391e32fec766cd1d41fa3e7

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00000418    0x00000600        3.85269972653
.rdata  0x00002000       0x000004ad    0x00000600        5.3301724184
.bss    0x00003000       0x00000004    0x00000000        0.0
.rsrc   0x00004000       0x000001f0    0x00000200        4.80843328983

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x00004058  0x00000198  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document, UTF-8 Unicode (with BOM) text

Imports

Library msvcrt.dll:
0x40234c strlen
0x402350 malloc
0x402354 memset
0x402358 _sleep
0x40235c __argc
0x402360 __argv
0x402364 _environ
0x402368 _XcptFilter
0x40236c __set_app_type
0x402370 _controlfp
0x402374 __getmainargs
0x402378 exit
Library kernel32.dll:
0x402380 CreateProcessA
0x402384 CloseHandle

!This program cannot be run in DOS mode.
`.rdata
msvcrt.dll
strlen
malloc
memset
_sleep
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
kernel32.dll
CreateProcessA
CloseHandle
SetUnhandledExceptionFilter
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Multi.Generic.4!c
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan Gen:Variant.Zusy.401118
FireEye Generic.mg.2d82ec0905de054c
CAT-QuickHeal Clean
ALYac Gen:Variant.Zusy.401118
Cylance Unsafe
Sangfor Trojan.Win32.Bsymem.adlz
CrowdStrike Clean
BitDefender Gen:Variant.Zusy.401118
K7GW Trojan ( 005883fd1 )
K7AntiVirus Trojan ( 005883fd1 )
BitDefenderTheta Gen:NN.ZexaF.34214.aqW@aewLqkci
Cyren Clean
ESET-NOD32 a variant of Win32/Agent.ADMO
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan.Win32.Bsymem.adlz
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Gen:Variant.Zusy.401118
Emsisoft Gen:Variant.Zusy.401118 (B)
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition GenericRXQB-TQ!2D82EC0905DE
CMC Clean
Sophos Mal/Generic-S
SentinelOne Clean
GData Gen:Variant.Zusy.401118
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira TR/Agent.jwuiz
MAX malware (ai score=80)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Ransom.Win32.Wacatac.sa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Trojan.Win32.Bsymem.adlz
Microsoft Trojan:Win32/Casdet!rfn
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Generic.R440300
Acronis Clean
McAfee GenericRXQB-TQ!2D82EC0905DE
TACHYON Clean
VBA32 BScope.Trojan.Nitol
Malwarebytes Trojan.Downloader
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PJC21
Tencent Win32.Trojan.Zusy.Htwc
Yandex Clean
Ikarus Trojan.Win32.Agent
eGambit Clean
Fortinet W32/Tiny.NFR!tr
AVG Win32:TrojanX-gen [Trj]
Avast Win32:TrojanX-gen [Trj]
MaxSecure Clean
No IRMA results available.