Static | ZeroBOX

PE Compile Time

2021-10-30 18:50:07

PE Imphash

ca4c54abb883e5c1afbe2edfacafd15e

PEiD Signatures

Armadillo v1.71

Sections

Name   | Virtual Address | Virtual Size | Size of Raw Data | Entropy
.text  | 0x00001000      | 0x0002db0e   | 0x0002dc00       | 5.55516885569
.rdata | 0x0002f000      | 0x000005b4   | 0x00000600       | 4.62588669713
.data  | 0x00030000      | 0x000000a0   | 0x00000200       | 0.0203931352361
.rsrc  | 0x00031000      | 0x00006e9e   | 0x00007000       | 7.47550110212
.reloc | 0x00038000      | 0x000003da   | 0x00000400       | 4.12573587126

Resources

Name          | Offset     | Size       | Language     | Sub-language    | File type
RT_BITMAP     | 0x000365a0 | 0x00000020 | LANG_NEUTRAL | SUBLANG_DEFAULT | data
RT_BITMAP     | 0x000365a0 | 0x00000020 | LANG_NEUTRAL | SUBLANG_DEFAULT | data
RT_ICON       | 0x00036a28 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data
RT_ICON       | 0x00036a28 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data
RT_GROUP_ICON | 0x00037ad0 | 0x00000022 | LANG_NEUTRAL | SUBLANG_NEUTRAL | data
RT_VERSION    | 0x00037af4 | 0x000003aa | LANG_NEUTRAL | SUBLANG_NEUTRAL | Dyalog APL workspace 32-bit classic big-endian version 52.0

Imports

Library MSVCRT.dll:
0x42f030 _controlfp
0x42f034 _except_handler3
0x42f038 __set_app_type
0x42f03c __p__fmode
0x42f040 __p__commode
0x42f044 _adjust_fdiv
0x42f048 __setusermatherr
0x42f04c _initterm
0x42f050 __wgetmainargs
0x42f054 _wcmdln
0x42f058 exit
0x42f05c _XcptFilter
0x42f060 _exit
0x42f064 srand
0x42f068 rand
0x42f06c memset
Library KERNEL32.dll:
0x42f000 GetStartupInfoW
0x42f004 GetModuleHandleW
0x42f008 lstrcmpiW
0x42f00c LoadLibraryA
0x42f010 VirtualAlloc
0x42f014 GetProcAddress
0x42f018 VirtualAllocExNuma
0x42f01c VirtualFree
0x42f020 GetCurrentProcess
0x42f024 ExitProcess

!This program cannot be run in DOS mode.
`.rdata
@.data
@.reloc
ntdll.dll
NtQueryInformationProcess
LoadLibraryA
GetProcAddress
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualAlloc
FreeLibrary
GetModuleFileNameA
VirtualProtect
GetModuleHandleA
lstrlenW
HeapAlloc
GetProcessHeap
lstrcatW
advapi32.dll
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
MSVCRT.dll
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
ExitProcess
GetCurrentProcess
VirtualFree
VirtualAllocExNuma
GetProcAddress
VirtualAlloc
LoadLibraryA
lstrcmpiW
GetModuleHandleW
GetStartupInfoW
KERNEL32.dll
GetSystemTimeAsFileTime
memset
avghookx.dll
avghooka.dll
snxhk.dll
sbiedll.dll
api_log.dll
dir_watch.dll
pstorec.dll
vmcheck.dll
wpespy.dll
cmdvrt32.dll
cmdvrt64.dll
4840500222579530(
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
ConcernedApe
FileDescription
Stardew Valley
FileVersion
1.3.7853.31734
InternalName
Stardew Valley.exe
LegalCopyright
Copyright
ConcernedApe 2013
LegalTrademarks
OriginalFilename
Stardew Valley.exe
ProductName
Stardew Valley
ProductVersion
1.3.7853.31734
Assembly Version
1.3.7853.31734
Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Trojan.Win32.Malicious.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Clean
ALYac Gen:Heur.ZOF.2
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Riskware ( 00584baa1 )
BitDefender Gen:Heur.ZOF.2
K7GW Riskware ( 00584baa1 )
Cybereason malicious.1ab9dd
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Generik.HOTRTHM
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky HEUR:Trojan.Win32.Zenpak.gen
Alibaba Clean
NANO-Antivirus Clean
SUPERAntiSpyware Clean
MicroWorld-eScan Gen:Heur.ZOF.2
Rising Trojan.Generic@ML.89 (RDMK:5Mo5Q4NVKDVk0zFMidBEzQ)
Ad-Aware Gen:Heur.ZOF.2
Emsisoft Gen:Heur.ZOF.2 (B)
Comodo .UnclassifiedMalware@0
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Upatre.dm
FireEye Generic.mg.eea1c3d1ab9dd50b
Sophos Mal/Generic-S
SentinelOne Static AI - Malicious PE
GData Gen:Heur.ZOF.2
Jiangmin Clean
Webroot Clean
Avira TR/Dropper.Gen
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Sabsik.vb
Arcabit Trojan.ZOF.2
ViRobot Clean
ZoneAlarm HEUR:Trojan.Win32.Zenpak.gen
Microsoft Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3 Clean
Acronis Clean
McAfee Artemis!EEA1C3D1AB9D
TACHYON Clean
VBA32 BScope.TrojanSpy.Mufila
Malwarebytes MachineLearning/Anomalous.95%
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002H07JU21
Tencent Clean
Yandex Trojan.Zenpak!ns9gDCep0oM
Ikarus Trojan.SuspectCRC
eGambit Unsafe.AI_Score_80%
Fortinet W32/PossibleThreat
BitDefenderTheta AI:Packer.87110F6C1F
AVG Win32:Malware-gen
Avast Win32:Malware-gen
CrowdStrike win/malicious_confidence_70% (W)
MaxSecure Clean
No IRMA results available.