Static | ZeroBOX

PE Compile Time

2021-10-20 20:42:55

PE Imphash

95448fb336a6df2c20986bac8b4b7355

The imphash is an MD5 over the on-disk import table (lower-cased library name plus function name, in import-directory order). Because this sample imports exactly one function per library (see Imports), the hash fingerprints the loader stub, not whatever it unpacks at runtime.

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00005f0e    0x00006000        4.433
.rdata  0x00007000       0x00020e3a    0x00021000        7.704
.data   0x00028000       0x00004ab4    0x00003000        5.872
.rsrc   0x0002d000       0x00000479    0x00001000        1.033
.reloc  0x0002e000       0x00000e62    0x00001000        3.117

.rdata is 132 KB (0x21000 raw bytes) at 7.70 bits per byte, close to the 8.0 of random data, while the code section .text is 24 KB at 4.43. A read-only data section this large and this dense is consistent with a compressed or encrypted payload that the small .text stub decodes at runtime; the one-function-per-library import table and the "kernel32.Sleep" string in the strings output point the same way.

Resources

Name        Offset      Size        Language      Sub-language     File type
RT_VERSION  0x0002d060  0x00000388  LANG_NEUTRAL  SUBLANG_NEUTRAL  data

Imports

Library       IAT address  Function
ADVAPI32.dll  0x10007000   RegOverridePredefKey
IPHLPAPI.DLL  0x10007008   GetIfTable
KERNEL32.dll  0x10007010   GetModuleFileNameW
SHELL32.dll   0x10007028   SHGetDesktopFolder
OLEAUT32.dll  0x10007018   VarR4FromI8
USER32.dll    0x10007030   ShowOwnedPopups
SETUPAPI.dll  0x10007020   SetupDiEnumDeviceInfo
msvcrt.dll    0x10007038   memset

Eight libraries, one function each, none of them sufficient to do anything the sample is detected as. The IAT entries sit at image base 0x10000000 plus the .rdata RVA 0x7000 and are 8 bytes apart: one 32-bit thunk followed by its null terminator per library. This is a decoy import table; the APIs actually used are resolved at runtime (the strings output contains "kernel32.Sleep" in module.function form), so static import analysis says little about the payload.
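The static fields above (compile time from the COFF TimeDateStamp, per-section entropy, imphash) can be reproduced without the sandbox. The script below is an added example, not ZeroBOX code and not code from the sample: it parses only the COFF header and section table in pure Python, computes imphash by the pefile rule (lower-case, strip .dll/.ocx/.sys, join "lib.func" with commas, MD5), and raises the two indicators discussed above (a large high-entropy section, one import per library). The import list is passed in as printed in this report rather than parsed from the import directory, ordinal-only imports are not handled, and `build_sample_pe` constructs a tiny synthetic PE so the script runs offline; that synthetic file is not the sample in this report, only its timestamp is copied from it.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Import table exactly as listed in the report, assumed to be in import-directory order.
PAGE_IMPORTS = [
    ("ADVAPI32.dll", "RegOverridePredefKey"), ("IPHLPAPI.DLL", "GetIfTable"),
    ("KERNEL32.dll", "GetModuleFileNameW"),   ("SHELL32.dll", "SHGetDesktopFolder"),
    ("OLEAUT32.dll", "VarR4FromI8"),          ("USER32.dll", "ShowOwnedPopups"),
    ("SETUPAPI.dll", "SetupDiEnumDeviceInfo"), ("msvcrt.dll", "memset"),
]


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def imphash_string(imports) -> str:
    """Canonical 'lib.func,...' string that imphash hashes (pefile rules).
    Ordinal-only imports (no name) are deliberately not handled here."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def parse_pe(data: bytes) -> dict:
    """Parse the COFF header and section table: enough for compile time and section entropy."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sec_off = e_lfanew + 4 + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode(errors="replace"), "vaddr": vaddr,
                         "vsize": vsize, "rawsize": rawsize, "entropy": shannon_entropy(raw)})
    compile_time = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"machine": machine, "compile_time": compile_time, "sections": sections}


def indicators(sections, imports) -> list:
    """Triage heuristics matching what this report shows: a dense blob and a decoy IAT."""
    hits = []
    for s in sections:
        if s["entropy"] > 7.0 and s["rawsize"] >= 0x1000:
            hits.append(f"high-entropy section {s['name']} ({s['entropy']:.2f} bits/byte)")
    per_dll = {}
    for dll, _ in imports:
        per_dll[dll.lower()] = per_dll.get(dll.lower(), 0) + 1
    if len(per_dll) >= 4 and max(per_dll.values()) == 1:
        hits.append("one import per DLL: decoy import table, APIs likely resolved at runtime")
    return hits


def build_sample_pe() -> bytes:
    """Constructed minimal 32-bit PE (NOT the report's sample): a constant .text and a
    uniform-byte .rdata, TimeDateStamp 1634762575 = 2021-10-20 20:42:55 UTC."""
    hdr_size = 0x40 + 4 + 20 + 2 * 40               # DOS stub, signature, COFF header, 2 sections
    text = b"\x90" * 0x100                          # entropy 0.0
    rdata = bytes(range(256)) * 16                  # entropy 8.0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 1634762575, 0, 0, 0, 0x2102)
    sec1 = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), hdr_size,
                       0, 0, 0, 0, 0x60000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b".rdata", len(rdata), 0x2000, len(rdata),
                       hdr_size + len(text), 0, 0, 0, 0, 0x40000040)
    return dos + coff + sec1 + sec2 + text + rdata


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())             # swap in open(path, "rb").read() for a real file
    print("compile time:", info["compile_time"])
    for s in info["sections"]:
        print(f"  {s['name']:<8} rva=0x{s['vaddr']:08x} raw=0x{s['rawsize']:08x} "
              f"entropy={s['entropy']:.3f}")
    print("imphash:", imphash(PAGE_IMPORTS))
    for hit in indicators(info["sections"], PAGE_IMPORTS):
        print("indicator:", hit)
```

Comparing `imphash(PAGE_IMPORTS)` with the report's value is a check on the order assumption: imphash changes if the report printed libraries in an order other than the import directory's, so a mismatch means the list, not the algorithm, is out of order. Compile time is rendered in UTC; the report does not say which zone it used.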

Strings

Printable strings extracted from the sample. The report lists every run of printable bytes; the several hundred short non-text runs that come from the high-entropy .rdata section are omitted here. The strings that carry information:

Section names (each preceded by a flag byte in the raw output):
.rdata
.data
.reloc

Code and library references:
\$4=PE           (in .text: the bytes "=PE" are most likely a 32-bit compare against the 0x4550 "PE" signature, i.e. the stub parses PE headers itself)
kernel32.Sleep   (module.function form: an API name resolved at runtime, not through the import table)
rpidebbfll.pdb
ldollirefgt.dll

Import table names, as in the Imports section:
RegOverridePredefKey / ADVAPI32.dll
GetIfTable / IPHLPAPI.DLL
GetModuleFileNameW / KERNEL32.dll
SHGetDesktopFolder / SHELL32.dll
OLEAUT32.dll
ShowOwnedPopups / USER32.dll
SetupDiEnumDeviceInfo / SETUPAPI.dll
memset / msvcrt.dll

Base-relocation residue: runs such as
1(1,1014181<1@1D1H1L1P1T1X1\1`1d1h1l1p1t1x1|1
are the .reloc section's 16-bit relocation entries (high nibble 3 = IMAGE_REL_BASED_HIGHLOW, offsets 4 bytes apart) rendered as ASCII; the page digit changes per block (0 through >). They are not text.

Filler text (English word fragments run together, carrying no functionality):
desimplerthe
mi9iaLtol
was6Xfront,9k
the29,pornt4,
51beenrocksOpt-in?andmeaningupdates.180see
buddyonly4jordan4.1X
Theysthat
separatereportedandoA7adoptedpassedabilitya
systems:117vVRtoferrariFythroughon
S58AKsurgingVfirstoi
Bseparatemaximum
multi-processusestAfterbymartin
xpackagetoandnmarineenterjQto
tocouldMozillascottP
BeenebfexedeaeFeerearyteetdiepleyedWeeeeC.7eJe
aecaeledaenoencemeets.eqAe
ehaleonejaethetcontenecheenels:
Leuseesfiest
yHeteepeesedreeoee
beoeseesoineetallic
toeeneteeseeppee
aepleceteon.vNesteveeetern.teee
gpoiree
DDplsoecrVwqase
jofalikematchmaggietheirb
6969PattackerininwhichgZa
uPwn2Ownseveral2t8AXKsubmissions
xsewfourJ9theWindows
chesterLinux.43Mmain9S
boundaryLarmfoundx
KMfirstthatthemesL
Preferrg6
interracersingErtensionsprevrouslyusingY
oursideitpwitrexisting1r11colrertion.29rxploter,
pages.UtptateotherGtogtetheEtheoptfor
Altetnatively,iJother,c
Xatdtransferredt012,setutityv
Version information (VS_VERSION_INFO, StringFileInfo block 000004b0)

CompanyName       Sun Microsystems, Inc.
FileDescription   Java(TM) 2 Platform Standard Edition binary
FileVersion       6.3.00.0
Full Version      6.3.0_00-b00
InternalName      (empty)
LegalCopyright    Copyright
OriginalFilename  newd.dll
ProductName       Newd(ON) 2 Hansssni Wzstauhs Izbrjnl 5.0 Urdate 6
ProductVersion    6.3.00.0
VarFileInfo       Translation

The metadata is spoofed: CompanyName and FileDescription are copied from a Sun Java binary, but OriginalFilename is newd.dll and ProductName is a letter-substituted garble of the Java product string. Version-info strings are attacker-controlled and are never a trust signal; the internal inconsistency is itself a useful triage indicator.
Antivirus Signature

20 of 67 engines flag the sample. Named families: Cridex/Dridex (Kaspersky VHO:Trojan-Downloader.Win32.Cridex.nxt, McAfee Drixed-FJX!49B0E4B2386C, McAfee-GW-Edition BehavesLike.Win32.Drixed.cc) and Emotet (Microsoft Trojan:Win32/Emotet.LK!ml); the remaining verdicts are generic, packer or machine-learning labels.

Engine                 Result
Bkav                   W32.AIDetect.malware2
Lionic                 Clean
Elastic                malicious (high confidence)
MicroWorld-eScan       Clean
FireEye                Generic.mg.49b0e4b2386c4c7f
CAT-QuickHeal          Clean
ALYac                  Clean
Malwarebytes           Malware.Heuristic.1001
VIPRE                  Clean
Sangfor                Trojan.Win32.Save.a
K7AntiVirus            Clean
BitDefender            Clean
K7GW                   Clean
CrowdStrike            win/malicious_confidence_100% (D)
BitDefenderTheta       Gen:NN.ZedlaF.34218.lu8@aKig83
Cyren                  Clean
Symantec               Packed.Generic.517
ESET-NOD32             Clean
Baidu                  Clean
APEX                   Malicious
Paloalto               Clean
ClamAV                 Clean
Kaspersky              VHO:Trojan-Downloader.Win32.Cridex.nxt
Alibaba                Clean
NANO-Antivirus         Virus.Win32.Gen.ccmw
ViRobot                Clean
Tencent                Clean
Ad-Aware               Clean
Emsisoft               Clean
Comodo                 Clean
F-Secure               Clean
DrWeb                  Clean
Zillya                 Clean
TrendMicro             Clean
McAfee-GW-Edition      BehavesLike.Win32.Drixed.cc
CMC                    Clean
Sophos                 Mal/Generic-R + Mal/EncPk-APX
SentinelOne            Static AI - Suspicious PE
GData                  Clean
Jiangmin               Clean
Webroot                Clean
Avira                  Clean
MAX                    Clean
Antiy-AVL              Clean
Kingsoft               Clean
Gridinsoft             Clean
Arcabit                Clean
SUPERAntiSpyware       Clean
ZoneAlarm              UDS:DangerousObject.Multi.Generic
Microsoft              Trojan:Win32/Emotet.LK!ml
Cynet                  Malicious (score: 100)
AhnLab-V3              Clean
Acronis                Clean
McAfee                 Drixed-FJX!49B0E4B2386C
TACHYON                Clean
VBA32                  Clean
Cylance                Unsafe
Panda                  Clean
Zoner                  Clean
TrendMicro-HouseCall   Clean
Rising                 Trojan.Generic@ML.90 (RDML:IRZ3t0StIdT+6zvdckCbYA)
Yandex                 Clean
Ikarus                 Clean
eGambit                Clean
Fortinet               Clean
Avast                  Clean
MaxSecure              Clean

No IRMA results available.