Static | ZeroBOX

PE Compile Time

2021-10-12 22:10:43

PE Imphash

f8446044d3827db30ca59c0186698c18

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00053df8 0x00053e00 5.90018318006
.data 0x00055000 0x0000011b 0x00000200 0.886634975768
.data 0x00056000 0x00000d81 0x00000e00 3.20744922595
.data 0x00057000 0x00000216 0x00000400 2.64814857446
.rsrc 0x00058000 0x0000e0d6 0x0000e200 4.58903151682

Resources

Name Offset Size Language Sub-language File type
RT_BITMAP 0x0005862c 0x00000c28 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT, block length 3072, next free block index 40, next free block 4294967295, next used block 4294967295
RT_BITMAP 0x0005862c 0x00000c28 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT, block length 3072, next free block index 40, next free block 4294967295, next used block 4294967295
RT_ICON 0x00063fb0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x00063fb0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x00063fb0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x00063fb0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x00063fb0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x00063fb0 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_MENU 0x00064418 0x000002ba LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x000646d4 0x000000f4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00064be4 0x0000002a LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00064be4 0x0000002a LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x00064e68 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x00064e68 0x00000010 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_RCDATA 0x00064e78 0x0000000f LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x00064e88 0x00000066 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x00064ef0 0x0000018a LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text

Imports

Library kernel32.dll:
0x457008 LoadLibraryA
0x45700c VirtualAlloc
0x457010 VirtualProtect
0x457014 GetProcAddress
0x457018 lstrlenA
0x45701c lstrcatA
Library version.dll:
0x45703c VerInstallFileW
Library user32.dll:
0x457034 LoadKeyboardLayoutW
Library ole32.dll:
0x457024 HICON_UserUnmarshal
Library shell32.dll:
0x45702c StrRStrIW
Library GdiPlus.dll:

Exports

Ordinal Address Name
1 0x421e04 DllCanUnloadNow

Strings

!This program cannot be run in DOS mode.
`.data
@.data
kernel32.dll
version.dll
user32.dll
ole32.dll
shell32.dll
GdiPlus.dll
PQRVW=
@_^ZYX
PQRVW9
PRVW;e
QRVW;E
PQRVW9
PQRVW=
PQRVW=7
PQRVW=3
PQRVW=
PQRVW=
PQRVW=D
PQRVW=
PQRVW9
PQRVW=
N_^ZYX
PQRVW=
PQRVW;M
PQRVW9
AO_^ZYX
PQRV;]
PQRVW=e
PQRVW=;
H_^ZYX
PE h@"c
PE hQ
U "D(JP
QP("A"
(pA""P
2A "D
3P(*P*
2A "T
2A "@
2A "P
2A "P
^@*pD"
zD :A
E*.@*HU
]P(&Q"
yP(&U(
9@("Q"
UD(:P(
_D *U(
_D *U(
q@("Q*
_D *U(
nE*j@*j@*j
("@*j@*j@
"a@*0@
AA "A*
PP"A@*
+U JQ"
]@ "U"
Q @@ #
Q @@ #
{@"`Q
*.@(4T
P 2T B
aA*7A*
*J@*jD
WU*H@*j@*j
"Q @@ #
3@ "P(
(jQ(@T
KU"FA*
hP (Q(
P(nQ"\
(TQ tQ
M@"1T*
>Q"YT
(DD(lD(lD
D(LD(l
-T*)T"-T
yD")D"yD
T",T"<T 9T
iD"mD*(D
yD"yD*-D
MT"YT*
D(8D*hD
yT*yT(8T
iD*xD
(T(xT |T =T
D((D"(D
D 8D((D(8D ,D <D(,D(<D"(D"8D*(D*8D",D"<D*,D*<D )D 9D()D(9D -D =D(-D(=D")D"9D*)D*9D"-D"=D*-D*=D (D
LD*LD"
D*)D*9D
Q"zA b
QT(>@*
Easel.dll
DllCanUnloadNow
GetProcAddress
LoadLibraryA
lstrcatA
lstrlenA
VirtualAlloc
VirtualProtect
kernel32.dll
VerInstallFileW
version.dll
LoadKeyboardLayoutW
user32.dll
HICON_UserUnmarshal
ole32.dll
SymGetTypeInfo
imagehlp.dll
StrRStrIW
shell32.dll
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
r""""""""'x
r""""""""'x
r""""""""'x
""""'w
""""'xxxxx
""""'w
""""'w
""""'xxxxx
""""'w
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
AUU*++
%E`\9P
9d^s]N
58<aj.
{9T7mXe
)*y?iDI7
0Lt#J|]
0M4-:[/##
iW9zo1
\8gt`8
",R61V
B.M,U*
@kSc\@76
3W'sfx@
t^x%@Y
7LvE"4
kT]Mk!
FoV0M3&y
9f'-`
w}-?@kkk
PA<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
</requestedPrivileges>
</security>
</trustInfo>
</assembly>PAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADD
GdiPlus.dll
GdipAddPathClosedCurve2
o@nlxa
LoadJDa
Winamp Preferences
MS Shell Dlg
SysTreeView32

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
FireEye Generic.mg.f6be182d94ecfa61
CAT-QuickHeal Clean
McAfee RDN/Generic.rp
Cylance Unsafe
Zillya Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Clean
BitDefenderTheta Gen:NN.ZexaF.34236.yuW@aOfGKFci
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/GenKryptik.FMOK
Baidu Clean
APEX Malicious
Paloalto Clean
ClamAV Clean
Kaspersky UDS:DangerousObject.Multi.Generic
Alibaba Clean
NANO-Antivirus Virus.Win32.Gen.ccmw
ViRobot Clean
Tencent Clean
Ad-Aware Clean
TACHYON Clean
Sophos Mal/Generic-R + Mal/EncPk-APW
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Trojan.fm
CMC Clean
Emsisoft Clean
SentinelOne Static AI - Malicious PE
Jiangmin Clean
MaxSecure Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Malware.Win32.Gen.bot!se28925
Microsoft Trojan:Win32/Sabsik.FL.A!ml
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
MAX Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic@ML.85 (RDML:qqNYuXiQ1ilL0QgB4fSmQw)
Yandex Clean
Ikarus Trojan.Win32.Crypt
eGambit Unsafe.AI_Score_89%
Fortinet Clean
Webroot Clean
AVG FileRepMetagen [Malware]
Cybereason malicious.88e923
Avast FileRepMetagen [Malware]

No IRMA results available.