
PE Compile Time

2020-05-24 22:40:22

PE Imphash

4563c74acbd357d386b177e402b96ce4

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00020578 0x00020600 6.00892758679
.data 0x00022000 0x00004c7c 0x00004e00 7.00722033128
.eh_fram 0x00027000 0x000005d8 0x00000600 4.5721581532
.bss 0x00028000 0x00006684 0x00000000 0.0
.edata 0x0002f000 0x00000031 0x00000200 0.457367446222
.idata 0x00030000 0x000013e8 0x00001400 5.25660940376
.reloc 0x00032000 0x00000dac 0x00000e00 6.57191343719

Imports

Library ADVAPI32.DLL:
0x4303a0 CryptCreateHash
0x4303a4 CryptDestroyHash
0x4303a8 CryptGetHashParam
0x4303ac CryptHashData
0x4303b0 CryptReleaseContext
0x4303b4 GetUserNameW
0x4303b8 RegCloseKey
0x4303bc RegCreateKeyExA
0x4303c0 RegDeleteKeyA
0x4303c4 RegDeleteValueA
0x4303c8 RegEnumKeyExA
0x4303cc RegEnumValueA
0x4303d0 RegOpenKeyExA
0x4303d4 RegQueryValueExA
0x4303d8 RegSetValueExA
Library CRYPT32.DLL:
0x4303e0 CryptUnprotectData
Library GDI32.dll:
0x4303e8 BitBlt
0x4303f0 CreateCompatibleDC
0x4303f4 DeleteDC
0x4303f8 DeleteObject
0x4303fc GetDIBits
0x430400 SelectObject
Library KERNEL32.dll:
0x430408 CloseHandle
0x43040c CreateDirectoryW
0x430410 CreateFileW
0x430414 CreateMutexA
0x430418 CreatePipe
0x43041c CreateProcessA
0x430424 DeleteFileW
0x43042c ExitProcess
0x430434 FindClose
0x430438 FindFirstFileA
0x43043c FindFirstFileW
0x430440 FindNextFileA
0x430444 FindNextFileW
0x430448 FreeLibrary
0x43044c GetCommandLineA
0x430450 GetComputerNameW
0x430454 GetCurrentProcessId
0x430458 GetCurrentThreadId
0x43045c GetDiskFreeSpaceExA
0x430460 GetDriveTypeA
0x430468 GetFileAttributesW
0x43046c GetLastError
0x430470 GetLocalTime
0x430478 GetModuleFileNameW
0x43047c GetProcAddress
0x430480 GetProcessTimes
0x430484 GetStartupInfoA
0x430488 GetSystemInfo
0x43048c GetSystemTime
0x430490 GetTickCount
0x430494 GetVersionExA
0x4304a4 LoadLibraryA
0x4304a8 LocalFree
0x4304ac MoveFileW
0x4304b0 MultiByteToWideChar
0x4304b4 OpenProcess
0x4304b8 PeekNamedPipe
0x4304bc Process32First
0x4304c0 Process32Next
0x4304c4 ReadFile
0x4304c8 ReleaseMutex
0x4304cc ResumeThread
0x4304d0 SetErrorMode
0x4304d4 SetFileAttributesW
0x4304d8 SetFilePointer
0x4304dc Sleep
0x4304e0 TerminateProcess
0x4304e4 WideCharToMultiByte
0x4304e8 WriteFile
Library msvcrt.dll:
0x4304f0 _assert
0x4304f4 _beginthreadex
0x4304f8 _errno
0x4304fc _filelengthi64
0x430500 _mkdir
0x430504 _snwprintf
0x430508 _stat
0x43050c _vscprintf
0x430510 _vsnprintf
0x430514 _wfopen
0x430518 calloc
0x43051c fclose
0x430520 fflush
0x430524 fgetpos
0x430528 fgets
0x43052c fopen
0x430530 fread
0x430534 free
0x430538 freopen
0x43053c fseek
0x430540 fsetpos
0x430544 ftell
0x430548 fwprintf
0x43054c fwrite
0x430550 getenv
0x430554 localtime
0x430558 malloc
0x43055c memcmp
0x430560 mktime
0x430564 realloc
0x430568 remove
0x43056c sprintf
0x430570 strcat
0x430574 strchr
0x430578 strcmp
0x43057c strcpy
0x430580 strncpy
0x430584 time
0x430588 utime
0x43058c wcscat
Library NETAPI32.DLL:
0x430594 NetApiBufferFree
0x430598 NetWkstaGetInfo
Library SHELL32.DLL:
0x4305a0 SHFileOperationW
0x4305a4 ShellExecuteA
0x4305a8 ShellExecuteW
Library USER32.dll:
0x4305b0 CreateWindowExW
0x4305b4 DefWindowProcW
0x4305b8 DispatchMessageA
0x4305bc EnumWindows
0x4305c0 GetDC
0x4305c4 GetDesktopWindow
0x4305c8 GetForegroundWindow
0x4305cc GetKeyNameTextW
0x4305d0 GetKeyState
0x4305d4 GetKeyboardState
0x4305d8 GetLastInputInfo
0x4305dc GetMessageW
0x4305e0 GetSystemMetrics
0x4305e4 GetWindowTextW
0x4305e8 IsWindowVisible
0x4305ec MapVirtualKeyW
0x4305f0 PostQuitMessage
0x4305f4 RegisterClassExW
0x4305f8 ReleaseDC
0x4305fc SendMessageA
0x430600 SendMessageW
0x430604 SetCursorPos
0x430608 SetWindowTextW
0x43060c ShowWindow
0x430610 ToUnicode
0x430614 TranslateMessage
0x430618 keybd_event
0x43061c mouse_event
Library WS2_32.dll:
0x430624 WSACleanup
0x430628 WSAGetLastError
0x43062c WSAIoctl
0x430630 WSAStartup
0x430634 __WSAFDIsSet
0x430638 closesocket
0x43063c connect
0x430640 gethostbyname
0x430644 htons
0x430648 inet_ntoa
0x43064c ioctlsocket
0x430650 ntohs
0x430654 recv
0x430658 select
0x43065c send
0x430660 setsockopt
0x430664 shutdown
0x430668 socket

!This program cannot be run in DOS mode.
P`.data
.eh_fram
0@.bss
.edata
0@.idata
.reloc
T4 C2W
l$,;T$(
D$(;D$|}9
D$,tt1
D$2b/B
D$@b/B
#D$ ;D$
D$(;\$(
D$"x64
D$(t61
D$,t41
9L$Dr@
9D$H~M;|$P}G
L$8<Uu
D$0;D$Pr
D$0;D$Pr
T$4;t$,
L$,9L$ }
|$09|$$
;t$ }3A
D$(9D$`
D$`9D$(s6
D$FBMf
t/;L$
;|$4}6
T$8T$
T$(9T$,
C0;C4s
C0;C4s
C0;C4s
C0;C4s
{0;{4s
K0;K4s
K0;K4s
C0;C4s
K0;K4s
K0;K4s
K0;K4s
S0;S4s
S0;S4s
+C@;C$
S0;S4s
S0;S4s
+S@;S$
C0;C4s
C0;C4s
S0;S4s
S0;S4s
C0;C4s
{0;{4s
C0;C4s
C0;C4s
{0;{4s
S89D$
T$,;T$4
D).9D$ s_
D$,3L$03D$4
9L$@v.
\$09\$(
9L$Pv,
9L$Hv.
\$09\$(
t$L9t$$
td+D$(9
D$<fHy
C(;D$\
L$ 9L$$tl
|$4+|$
9|$@tb
|$4+|$
t$Rf;7
D$,9D$$
D$(9D$ v
u59D$0u/
|$T9D$(v"
T$ +T$
\$(9\$
D$<9D$$
|$4)t$
D$89D$
D$$;D$<
D$89D$ v
T$L)D$
D$h)D$(
t59[Duy
S<9D$h
#D$p#T$t
V<9D$`
L$4)T$
U<9D$<
tD;t$8s
V<9D$8
%s\%s.%s
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
8ccccc/Bcccccccccccccccccccccccccccccccccccccc
%8DmgM
#7@Qhq\1@NWgyxeH\_bpdgc%.2d/%.2d/%d %.2d:%.2d:%.2d
_BqwHaF8TkKDMfOzQASx4VuXdZibUIeylJWhj0m5o2ErLt6vGRN9sY1n3Ppc7g-C%.4d-%.2d-%.2d %.2d:%.2d:%.2d
socks=
j5.!VaN
SR=9f<
http://%s%s
%.2d/%.2d/%d %.2d:%.2d:%.2d
%c%.8x%s
%s @ %s
%6\%6.dfd
iphlpapi.dll
psapi.dll
kernel32.dll
Ed5jf5dRSdSqYsqCVid
Ed5jf5dRSdSuSsqCVid
Ed590WYd66XlCnd_4idLCldD
PiW6dS
m465dR4Rn...
MvL MdR5
MvL rdYd42dS
j65CVi46IdS
_4R UC45 (G)
_4R UC45 (h)
PiW6d UC45
PiW64Rn...
mC65 DPH
q4ld UC45
adid5d qPc
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
?456789:;<=
 !"#$%&'()*+,-./0123
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
!&.37<
"%/28;=#$019:>?
PTLLjPq %6:%S -qq9/G.y
R-W65: %6:%S
200 OK
mWYCi a46w
%s (%s)
filenames.txt
%s\*.*
U4R-55sTsdR
winhttp.dll
U4R-55sEd590WfZ_W0u0i
U4R-55sEd5Xj90WfZPWR84n_W0PQ00dR5u6d0
MT_qUDrj\F4Y0W6W85\U4RSWg6\PQ00dR5zd064WR\rQR\
MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56
NetWire
SOFTWARE\
HostId
SOFTWARE\NetWire
%Rand%
Install Date
-m "%s"
MT_qUDrj\F4Y0W6W85\DY542d Md5Qs\XR65CiidS PWlsWRdR56\%6
M5QV9C5I
GET %s HTTP/1.1
Host: %s
User-Agent: Mozilla/4.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.8
Connection: close
200 OK
%s%.2d-%.2d-%.4d
[%.2d/%.2d/%d %.2d:%.2d:%.2d]
[cCYw6sCYd]
[jR5d0]
[D00Wg md85]
[D00Wg us]
[D00Wg r4nI5]
[D00Wg aWgR]
[-Wld]
[9Cnd us]
[9Cnd aWgR]
[c0dCw]
[adid5d]
[XR6d05]
[904R5 MY0ddR]
[MY0Wii mWYw]
[PCs6 mWYw]
[Ctrl+%s]
[P50i+%Y]
rdn465d0rCgXRsQ5ad24Yd6
user32.dll
Ed5rCgXRsQ5aC5C
%.2d-%.2d-%.4d
MdYQ0Nh.Sii
m6CEd5mWnWRMd664WRaC5C
m6C_0ddrd5Q0RcQ88d0
m6CjRQld0C5dmWnWRMd664WR6
Default=
MT_qUDrj\FWk4iiC\%6\
PQ00dR5zd064WR
MT_qUDrj\FWk4iiC\%6\%6\FC4R
XR65Cii a40dY5W0Z
lWkQ54i6.Sii
lWkniQd.Sii
lWk67i45dN.Sii
Mozilla Firefox
APPDATA
%6\FWk4iiC\_40d8Wf\s0W84id6.4R4
%6\FWk4iiC\_40d8Wf\%6
Mozilla Thunderbird
%6\qIQRSd0V40S\s0W84id6.4R4
%6\qIQRSd0V40S\%6
SeaMonkey
%6\FWk4iiC\MdCFWRwdZ\s0W84id6.4R4
%6\FWk4iiC\MdCFWRwdZ\%6
%6\64nRWR6.67i45d
%6\iWn4R6.e6WR
NSS_Init
9HGGpEd5XR5d0RCiHdZMiW5
9HGGpDQ5IdR54YC5d
9mpcC6doOadYWSd
MjPXqjFpx80ddX5dl
9HGGMarpadY0Zs5
9HGGp_0ddMiW5
LMMpMIQ5SWgR
67i45dNpWsdR
67i45dNpYiW6d
67i45dNps0dsC0dp2h
67i45dNp65ds
67i45dNpYWiQlRp5df5
6didY5 * 80Wl lWkpiWn4R6
hostname
encryptedUsername
encryptedPassword
IW65RCld
%6\Tsd0C\Tsd0C\gCRS.SC5
%6\Tsd0C\Tsd0C\s0W84id\gCRS.SC5
%6\.sQ0sid\CYYWQR56.fli
<s0W5WYWi>
<RCld>
<sC66gW0S>
9T9N u6d0
9T9N Md02d0
9T9N 9C66gW0S
XFD9 u6d0
XFD9 Md02d0
XFD9 9C66gW0S
-qq9 u6d0
-qq9 Md02d0
-qq9 9C66gW0S
MFq9 u6d0
MFq9 Md02d0
MFq9 9C66gW0S
jDM u6d0
jDM Md02d0 urm
jDM 9C66gW0S
%c%c%S
%c%c%s
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Y0Zs5Nh.Sii
P0Zs5uRs0W5dY5aC5C
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
%s\*.*
4RSdf.SC5
2CQi5Yi4.Sii
zCQi5TsdRzCQi5
zCQi5PiW6dzCQi5
zCQi5jRQld0C5dX5dl6
zCQi5Ed5X5dl
zCQi5_0dd
History
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
0x%02hhX
encrypted_key
LOCALAPPDATA
%6\EWWnid\PI0Wld\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Google\Chrome\User Data\Default\Login Data
%s\Google\Chrome\User Data\Local State
%6\PI0Wl4Ql\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Chromium\User Data\Default\Login Data
%s\Chromium\User Data\Local State
%6\PWlWSW\a0CnWR\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Comodo\Dragon\User Data\Default\Login Data
%s\Comodo\Dragon\User Data\Local State
%6\vCRSdf\vCRSdfc0Wg6d0\u6d0 aC5C\ad8CQi5\mWn4R aC5C
%s\Yandex\YandexBrowser\User Data\Default\Login Data
%s\Yandex\YandexBrowser\User Data\Local State
%s\BraveSoftware\Brave-Browser\User Data\Default\Login Data
%s\BraveSoftware\Brave-Browser\User Data\Local State
%s\360Chrome\Chrome\User Data\Default\Login Data
Chrome\Chrome\User Data\Default\Login Data
%s\360Chrome\Chrome\User Data\Local State
%6\Tsd0C MW85gC0d\Tsd0C M5CVid\mWn4R aC5C
l62Y0Gyy.Sii
l62YsGyy.Sii
l62Y0Ghy.Sii
l62YsGhy.Sii
Cs43l63g4R3YW0d354ldkWRd3iG3G3y.Sii
Cs43l63g4R3YW0d384id3iG3G3y.Sii
Cs43l63g4R3YW0d384id3ih3G3y.Sii
Cs43l63g4R3YW0d3iWYCi4kC54WR3iG3h3y.Sii
Cs43l63g4R3YW0d36ZRYI3iG3h3y.Sii
Cs43l63g4R3YW0d3s0WYd665I0dCS63iG3G3G.Sii
Cs43l63g4R3YW0d384id3iG3h3y.Sii
Cs43l63g4R3Y0530QR54ld3iG3G3y.Sii
Cs43l63g4R3Y0536504Rn3iG3G3y.Sii
Cs43l63g4R3Y053IdCs3iG3G3y.Sii
Cs43l63g4R3Y05365S4W3iG3G3y.Sii
Cs43l63g4R3Y053YWR2d053iG3G3y.Sii
Cs43l63g4R3Y053iWYCid3iG3G3y.Sii
Cs43l63g4R3Y053lC5I3iG3G3y.Sii
Cs43l63g4R3Y053lQi54VZ5d3iG3G3y.Sii
Cs43l63g4R3Y05354ld3iG3G3y.Sii
Cs43l63g4R3Y05384id6Z65dl3iG3G3y.Sii
Cs43l63g4R3Y053dR240WRldR53iG3G3y.Sii
Cs43l63g4R3Y053Q54i45Z3iG3G3y.Sii
Cs43l63g4R3YW0d36504Rn3iG3G3y.Sii
Cs43l63g4R3YW0d3RCldSs4sd3iG3G3y.Sii
Cs43l63g4R3YW0d3ICRSid3iG3G3y.Sii
Cs43l63g4R3YW0d3IdCs3iG3G3y.Sii
Cs43l63g4R3YW0d3i4V0C0ZiWCSd03iG3G3y.Sii
Cs43l63g4R3YW0d36ZRYI3iG3G3y.Sii
Cs43l63g4R3YW0d3s0WYd665I0dCS63iG3G3y.Sii
Cs43l63g4R3YW0d3s0WYd66dR240WRldR53iG3G3y.Sii
Cs43l63g4R3YW0d3SC5d54ld3iG3G3y.Sii
Cs43l63g4R3YW0d36Z64R8W3iG3G3y.Sii
Cs43l63g4R3YW0d3YWR6Wid3iG3G3y.Sii
Cs43l63g4R3YW0d3SdVQn3iG3G3y.Sii
Cs43l63g4R3YW0d3s0W84id3iG3G3y.Sii
Cs43l63g4R3YW0d3ldlW0Z3iG3G3y.Sii
Cs43l63g4R3YW0d3Q54i3iG3G3y.Sii
Cs43l63g4R3YW0d305i6QssW053iG3G3y.Sii
Cs43l63g4R3YW0d34R5d0iWYwdS3iG3G3y.Sii
QY05VC6d.Sii
2Y0QR54ldGOy.Sii
l62YsGOy.Sii
lWkY05Gt.Sii
67i45dN.Sii
R6s0O.Sii
siYO.Sii
siS6O.Sii
R66Q54iN.Sii
R66N.Sii
6W85WwRN.Sii
R66SVlN.Sii
Ed5FWSQid_4idLCldjfD
psapi.dll
kernel32.dll
%.2d/%.2d/%d %.2d:%.2d:%.2d
0x%.8X (%d)
0x%.16llX (%I64d)
%c%.8x%s
%c%.8x%s%s
%c%.8x%s\%s
%c%.8x%s\%s
ComSpec
WINDIR
%6\6Z65dlNh\YlS.dfd
localhost
Unknown
Ed5LC542dMZ65dlXR8W
wd0RdiNh.Sii
EiWVCiFdlW0ZM5C5Q6jf
kernel32.dll
-DraUDrj\ajMPrX9qXTL\MZ65dl\PdR50Ci90WYd66W0\y
ProcessorNameString
DiiWYC5dDRSXR454Ci4kdM4S
advapi32.dll
PIdYwqWwdRFdlVd06I4s
_0ddM4S
WINDIR
%d:%s%s;
%d:%I64u:%s%s;
%c%llu
bits <= ((1U << len) - 1U)
code < TDEFL_MAX_HUFF_SYMBOLS_2
d->m_huff_code_sizes[0][s_tdefl_len_sym[match_len]]
d->m_huff_code_sizes[0][lit]
!d->m_output_flush_remaining
d->m_pOutput_buf < d->m_pOutput_buf_end
pArray->m_element_size
9.1.15
(cur_match_len >= TDEFL_MIN_MATCH_LEN) && (cur_match_dist >= 1) && (cur_match_dist <= TDEFL_LZ_DICT_SIZE)
lookahead_size >= cur_match_len
max_match_len <= TDEFL_MAX_MATCH_LEN
(match_len >= TDEFL_MIN_MATCH_LEN) && (match_dist >= 1) && (match_dist <= TDEFL_LZ_DICT_SIZE)
d->m_lookahead_size >= len_to_move
d->m_pPut_buf_func
(local_dir_header_ofs & (pZip->m_file_offset_alignment - 1)) == 0
(zip->entry.header_offset & (pzip->m_file_offset_alignment - 1)) == 0
stream end
need dictionary
file error
stream error
data error
out of memory
buf error
version error
parameter error
../nettle-3.5.1/aes-encrypt.c
!(length % AES_BLOCK_SIZE)
L&&jl66Z~??A
Oh44\Q
sb11S*
uB!!c
D""fT**~;
;d22Vt::N
J%%o\..r8
gg}V++
jL&&Zl66A~??
Sb11?*
tX,,.4
RRMv;;a
MMUf33
PPDx<<
cB!!0
~~Gz==
fD""~T**
Vd22Nt::
xxoJ%%r\..$8
tt!>
ppB|>>
aa_j55
UUxP((z
&jL&6Zl6?A~?
~=Gz=d
"fD"*~T*
2Vd2:Nt:
x%oJ%.r\.
t!>K
a5_j5W
=&&jL66Zl??A~
g99KrJJ
==Gzdd
""fD**~T
22Vd::Nt
$$lH\\
77Ynmm
%%oJ..r\
!>KK
55_jWW
:,../nettle-3.5.1/gcm.c
ctx->auth_size % GCM_BLOCK_SIZE == 0
ctx->data_size == 0
ctx->data_size % GCM_BLOCK_SIZE == 0
length <= GCM_BLOCK_SIZE
../nettle-3.5.1/memxor.c
n == 1
../nettle-3.5.1/memxor3.c
n == 1
../nettle-3.5.1/aes-set-key-internal.c
nk != 0
../nettle-3.5.1/ctr16.c
length < 16
length - i < CTR_BUFFER_LIMIT
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
GCC: (Rev3, Built by MSYS2 project) 9.1.0
Host.exe
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptReleaseContext
GetUserNameW
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
CryptUnprotectData
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject
CloseHandle
CreateDirectoryW
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateToolhelp32Snapshot
DeleteFileW
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeLibrary
GetCommandLineA
GetComputerNameW
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetFileAttributesExW
GetFileAttributesW
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameW
GetProcAddress
GetProcessTimes
GetStartupInfoA
GetSystemInfo
GetSystemTime
GetTickCount
GetVersionExA
GetVolumeInformationA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LocalFree
MoveFileW
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
ReleaseMutex
ResumeThread
SetErrorMode
SetFileAttributesW
SetFilePointer
TerminateProcess
WideCharToMultiByte
WriteFile
_assert
_beginthreadex
_errno
_filelengthi64
_mkdir
_snwprintf
_vscprintf
_vsnprintf
_wfopen
calloc
fclose
fflush
fgetpos
freopen
fsetpos
fwprintf
fwrite
getenv
localtime
malloc
memcmp
mktime
realloc
remove
sprintf
strcat
strchr
strcmp
strcpy
strncpy
wcscat
NetApiBufferFree
NetWkstaGetInfo
SHFileOperationW
ShellExecuteA
ShellExecuteW
CreateWindowExW
DefWindowProcW
DispatchMessageA
EnumWindows
GetDesktopWindow
GetForegroundWindow
GetKeyNameTextW
GetKeyState
GetKeyboardState
GetLastInputInfo
GetMessageW
GetSystemMetrics
GetWindowTextW
IsWindowVisible
MapVirtualKeyW
PostQuitMessage
RegisterClassExW
ReleaseDC
SendMessageA
SendMessageW
SetCursorPos
SetWindowTextW
ShowWindow
ToUnicode
TranslateMessage
keybd_event
mouse_event
WSACleanup
WSAGetLastError
WSAIoctl
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
inet_ntoa
ioctlsocket
select
setsockopt
shutdown
socket
ADVAPI32.DLL
CRYPT32.DLL
GDI32.dll
KERNEL32.dll
msvcrt.dll
NETAPI32.DLL
SHELL32.DLL
USER32.dll
WS2_32.dll
0 0+010;0E0
2%313|3
4[4S5.6
5P6\6l6|6
?(?0?7?>?P?[?b?i?
1%1;1E1[1b1v1
2+252K2R2d2n2}2
3#353u3
424m4w4
646;6V6`6p6w6
7%7?7I7P7[7k7y7
8,8D8R8n8
0)0M0f0
2&2-282A2H2U2\2i2r2y2
444A4M4d4q4~4
9W9^9e9q9x9
:7:J:P:f:r:w:}:
; ;\;d;~;
;><K<R<W<c<j<q<%=4=C=
> >1>@>O>^>m>|>
?4?9?Y?f?
1-151=1D1d1
;';@;H;M;Z;
><>C>_>y>
9c:G;b;
3&6.7g7
3*464U4a4
6*616?6
72888N8U8f8
9959<9
:::G:l:
;1;L;d;|;
<$<<<T<
=(=X=^=i=
=3>9>Y>l>
?6?>?c?
102=2c2
7@7[7c7r7w7
<V=c=r=
=2>j>}>
3#3Z3b3q3
4L4S4h4}4
5,5F5f5
7#787[7n7
78R8m8
8/8C8m;J<
+0?0S0&222
8#?/?O?[?
2 212N2[2k2|2
2`243@3
5%6?6M6g6u6
9 :A:W:|:
112[2$4
878>8|8
.858a8
9"9t={=
4&4.464>4F4N4V4^4f4n4v4~4
5&5.565>5F5N5V5^5f5n5v5~5
6&6.666>6F6N6V6^6f6n6v6~6
7&7.767>7F7N7V7^7f7n7v7~7
8&8.868>8F8N8V8^8f8n8v8~8
9&9.969>9F9N9V9^9f9n9v9
;N;U;[;
;.<5<;<
2!2'2?2F2L2
2:3g3n3t3
4L5S5Y5
6E8L8R8
/2K2U2g2q2
3!5(5.5F5M5S5
9 9$9(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:t:x:|:
; ;$;(;,;0;4;8;<;@;D;H;L;P;T;X;\;`;d;
d=h=l=p=t=x=|=
4L4P4T4X4\4`4T7X7\7`7d7h7l7p7t7x7|7
8 8$8(8D=L=T=\=d=l=t=|=
InternetProxy
http://www.yandex.com
ssdaClass
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.NetWiredRC.m!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.21c97621d2f2374f
CAT-QuickHeal Backdoor.NetwiredrIH.S21443742
McAfee GenericRXKH-LK!21C97621D2F2
Cylance Unsafe
VIPRE Clean
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Spyware ( 0055216c1 )
BitDefender Trojan.GenericKD.47239316
K7GW Spyware ( 0055216c1 )
Cybereason malicious.1d2f23
Baidu Clean
Cyren W32/S-6c6572b7!Eldorado
Symantec Infostealer
ESET-NOD32 Win32/Spy.Weecnaw.L
APEX Malicious
Paloalto generic.ml
ClamAV Win.Dropper.NetWire-8025706-0
Kaspersky Backdoor.Win32.NetWiredRC.lac
Alibaba Backdoor:Win32/NetWiredRC.34083420
NANO-Antivirus Trojan.Win32.Wirenet.hlbptg
ViRobot Trojan.Win32.Z.Netwire.164352.BN
MicroWorld-eScan Trojan.GenericKD.47239316
Rising Backdoor.NetWire!1.C98D (CLASSIC)
Ad-Aware Trojan.GenericKD.47239316
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb BackDoor.Wirenet.557
Zillya Trojan.Weecnaw.Win32.761
TrendMicro Backdoor.Win32.NETWIRED.SMK
McAfee-GW-Edition BehavesLike.Win32.Dropper.ch
CMC Clean
Emsisoft Trojan-Spy.Weecnaw (A)
SentinelOne Static AI - Malicious PE
GData Win32.Trojan.Netwire.C
Jiangmin Backdoor.NetWiredRC.bld
Webroot W32.Trojan.Gen
Avira TR/Spy.Gen
Antiy-AVL Trojan/Generic.ASMalwS.309056C
Kingsoft Clean
Gridinsoft Ransom.Win32.Wacatac.oa!s1
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Backdoor:Win32/Netwire.GG!MTB
TACHYON Backdoor/W32.NetWire.164352
AhnLab-V3 Trojan/Win32.RL_NetWiredRC.R342610
Acronis Clean
BitDefenderTheta Gen:NN.ZexaF.34236.kCW@amsq2rh
ALYac Backdoor.RAT.Netwire
MAX malware (ai score=86)
VBA32 BScope.TrojanSpy.Loyeetro
Malwarebytes Backdoor.Quasar
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Backdoor.Win32.NETWIRED.SMK
Tencent Malware.Win32.Gencirc.10ce3933
Yandex Trojan.GenAsa!DOgbQEDHp9A
Ikarus Backdoor.Rat.Netwire
eGambit Unsafe.AI_Score_71%
Fortinet W32/Ulise.103681!tr
AVG Win32:RATX-gen [Trj]
Avast Win32:RATX-gen [Trj]
CrowdStrike win/malicious_confidence_90% (W)
MaxSecure Trojan.Malware.102170081.susgen
No IRMA results available.