Static | ZeroBOX

PE Compile Time

2020-08-09 10:25:12

PDB Path

C:\wuxale23 rupebipeg_xaxomejoro41\zohim\josozukama-niced.pdb

PE Imphash

ed38ab5cc3f4fd753cddd79c6cfea0fc

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x0001cdc0    0x0001ce00        7.61083476519
.rdata  0x0001e000       0x00005c2c    0x00005e00        4.73690614764
.data   0x00024000       0x00008fd0    0x00001800        2.92756286705
.zeho   0x0002d000       0x00000272    0x00000400        0.0
.rsrc   0x0002e000       0x00073d50    0x00007e00        5.74009093303

Resources

Name               Offset      Size        Language        Sub-language     File type
AFX_DIALOG_LAYOUT  0x000337f8  0x0000000e  LANG_NEUTRAL    SUBLANG_NEUTRAL  data
RT_CURSOR          0x000351f8  0x000000b0  LANG_NEUTRAL    SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_CURSOR          0x000351f8  0x000000b0  LANG_NEUTRAL    SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_CURSOR          0x000351f8  0x000000b0  LANG_NEUTRAL    SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_CURSOR          0x000351f8  0x000000b0  LANG_NEUTRAL    SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_CURSOR          0x000351f8  0x000000b0  LANG_NEUTRAL    SUBLANG_NEUTRAL  GLS_BINARY_LSB_FIRST
RT_ICON            0x000332d0  0x00000468  LANG_KANNADA    SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST
RT_ICON            0x000332d0  0x00000468  LANG_KANNADA    SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST
RT_ICON            0x000332d0  0x00000468  LANG_KANNADA    SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST
RT_ICON            0x000332d0  0x00000468  LANG_KANNADA    SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST
RT_ICON            0x000332d0  0x00000468  LANG_KANNADA    SUBLANG_DEFAULT  GLS_BINARY_LSB_FIRST
RT_STRING          0x00035970  0x000003de  LANG_HUNGARIAN  SUBLANG_DEFAULT  data
RT_STRING          0x00035970  0x000003de  LANG_HUNGARIAN  SUBLANG_DEFAULT  data
RT_STRING          0x00035970  0x000003de  LANG_HUNGARIAN  SUBLANG_DEFAULT  data
RT_ACCELERATOR     0x000337d0  0x00000018  LANG_HUNGARIAN  SUBLANG_DEFAULT  data
RT_ACCELERATOR     0x000337d0  0x00000018  LANG_HUNGARIAN  SUBLANG_DEFAULT  data
RT_GROUP_CURSOR    0x000352a8  0x00000022  LANG_NEUTRAL    SUBLANG_NEUTRAL  data
RT_GROUP_CURSOR    0x000352a8  0x00000022  LANG_NEUTRAL    SUBLANG_NEUTRAL  data
RT_GROUP_CURSOR    0x000352a8  0x00000022  LANG_NEUTRAL    SUBLANG_NEUTRAL  data
RT_GROUP_ICON      0x00033738  0x0000004c  LANG_KANNADA    SUBLANG_DEFAULT  data
RT_VERSION         0x000352d0  0x000001b4  LANG_NEUTRAL    SUBLANG_NEUTRAL  data
None               0x000337e8  0x0000000a  LANG_NEUTRAL    SUBLANG_NEUTRAL  data

Imports

Library KERNEL32.dll:
0x41e000 HeapReAlloc
0x41e004 LoadResource
0x41e008 HeapAlloc
0x41e00c SetMailslotInfo
0x41e018 SetEvent
0x41e01c GetTickCount
0x41e020 TlsSetValue
0x41e024 FindResourceExA
0x41e028 GlobalAlloc
0x41e02c LoadLibraryW
0x41e030 InitAtomTable
0x41e034 FindNextVolumeW
0x41e038 WriteConsoleW
0x41e03c CreateActCtxA
0x41e044 GetProcAddress
0x41e048 VirtualAlloc
0x41e050 PrepareTape
0x41e054 GetAtomNameA
0x41e058 LoadLibraryA
0x41e05c WriteConsoleA
0x41e064 GetModuleFileNameA
0x41e070 AddConsoleAliasA
0x41e074 CreateFileW
0x41e078 HeapSize
0x41e07c DecodePointer
0x41e080 EncodePointer
0x41e084 GetCommandLineA
0x41e088 HeapSetInformation
0x41e08c GetStartupInfoW
0x41e094 ReadFile
0x41e0a0 IsDebuggerPresent
0x41e0a4 TerminateProcess
0x41e0a8 GetCurrentProcess
0x41e0b8 RtlUnwind
0x41e0bc SetHandleCount
0x41e0c0 GetStdHandle
0x41e0c4 GetFileType
0x41e0cc GetLastError
0x41e0d0 SetFilePointer
0x41e0d4 TlsAlloc
0x41e0d8 TlsGetValue
0x41e0dc TlsFree
0x41e0e4 GetModuleHandleW
0x41e0e8 SetLastError
0x41e0ec GetCurrentThreadId
0x41e0f4 HeapFree
0x41e0f8 CloseHandle
0x41e0fc ExitProcess
0x41e100 WriteFile
0x41e104 GetModuleFileNameW
0x41e10c WideCharToMultiByte
0x41e110 HeapCreate
0x41e118 GetCurrentProcessId
0x41e120 MultiByteToWideChar
0x41e124 Sleep
0x41e128 GetCPInfo
0x41e12c GetACP
0x41e130 GetOEMCP
0x41e134 IsValidCodePage
0x41e138 CreateFileA
0x41e13c SetStdHandle
0x41e140 GetConsoleCP
0x41e144 GetConsoleMode
0x41e148 FlushFileBuffers
0x41e14c RaiseException
0x41e150 LCMapStringW
0x41e154 GetStringTypeW
0x41e158 SetEndOfFile
0x41e15c GetProcessHeap
Library USER32.dll:
0x41e164 GetCursorPos

Antivirus Signature
Bkav W32.AIDetect.malware1
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Fragtor.37347
FireEye Generic.mg.bf5ad5ce60c095fd
CAT-QuickHeal Clean
McAfee RDN/Generic.hbg
Malwarebytes Trojan.MalPack.GS
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 00589cf91 )
BitDefender Gen:Variant.Fragtor.37347
K7GW Trojan ( 00589cf91 )
CrowdStrike win/malicious_confidence_100% (D)
Baidu Clean
Cyren W32/Kryptik.FOQ.gen!Eldorado
Symantec Packed.Generic.528
ESET-NOD32 a variant of Win32/Kryptik.HNDW
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Trojan.Win32.DiskWriter.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Malware.Heuristic!ET#95% (RDMK:cmRtazpUL6tXXl4vbY+U5utmu/kd)
Ad-Aware Gen:Variant.Fragtor.37347
Emsisoft Trojan.Crypt (A)
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
McAfee-GW-Edition BehavesLike.Win32.Trojan.ch
CMC Clean
Sophos ML/PE-A + Troj/Krypt-BO
Ikarus Trojan.Win32.Crypt
GData Gen:Variant.Fragtor.37347
Jiangmin Clean
Webroot Clean
Avira Clean
MAX malware (ai score=81)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft PWS:Win32/Primarypass.A
Cynet Malicious (score: 100)
AhnLab-V3 Infostealer/Win.SmokeLoader.R448265
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.34236.lu0@aefAx7fG
ALYac Clean
TACHYON Clean
VBA32 Malware-Cryptor.2LA.gen
Cylance Unsafe
Panda Trj/Genetic.gen
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Static AI - Malicious PE
eGambit Unsafe.AI_Score_99%
Fortinet W32/GenKryptik.FMYB!tr
Cybereason malicious.9659a3
Avast Clean
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.