Static | ZeroBOX

PE Compile Time

1970-01-01 09:00:00

PE Imphash

4bfde1223391e32fec766cd1d41fa3e7

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000418 0x00000600 3.85321891292
.rdata 0x00002000 0x000004cd 0x00000600 5.37466821881
.bss 0x00003000 0x00000004 0x00000000 0.0
.rsrc 0x00004000 0x000001f0 0x00000200 4.80843328983

Resources

Name Offset Size Language Sub-language File type
RT_MANIFEST 0x00004058 0x00000198 LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, UTF-8 Unicode (with BOM) text

Imports

Library msvcrt.dll:
0x40236c strlen
0x402370 malloc
0x402374 memset
0x402378 _sleep
0x40237c __argc
0x402380 __argv
0x402384 _environ
0x402388 _XcptFilter
0x40238c __set_app_type
0x402390 _controlfp
0x402394 __getmainargs
0x402398 exit
Library kernel32.dll:
0x4023a0 CreateProcessA
0x4023a4 CloseHandle

SetUnhandledExceptionFilter
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Win32.Nitol.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
CMC Clean
CAT-QuickHeal Trojan.IGENERIC
McAfee GenericRXQB-TQ!EEA8C7833F83
Cylance Unsafe
VIPRE Clean
Sangfor Trojan.Win32.Nitol.abo
K7AntiVirus Trojan ( 005883fd1 )
BitDefender Gen:Variant.Zusy.401118
K7GW Trojan ( 005883fd1 )
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
Cyren W32/Nitol.AO.gen!Eldorado
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/Agent.ADMO
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan.Win32.Nitol.abo
Alibaba Trojan:Win32/Nitol.33fc35e9
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Zusy.401118
Rising Trojan.Generic@ML.87 (RDML:6UHD+d5LpVyOvljx3IuJiA)
Ad-Aware Gen:Variant.Zusy.401118
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro TROJ_GEN.R002C0PJS21
McAfee-GW-Edition GenericRXQB-TQ!EEA8C7833F83
FireEye Gen:Variant.Zusy.401118
Emsisoft Gen:Variant.Zusy.401118 (B)
SentinelOne Clean
GData Gen:Variant.Zusy.401118
Jiangmin Clean
Webroot Clean
Avira TR/Agent.zlzfj
MAX malware (ai score=100)
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Ransom.Win32.Wacatac.sa
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Trojan.Win32.Nitol.abo
Microsoft Trojan:Win32/Casdet!rfn
AhnLab-V3 Trojan/Win.Generic.R440300
Acronis Clean
VBA32 BScope.Trojan.Nitol
ALYac Gen:Variant.Zusy.401118
TACHYON Clean
Malwarebytes Trojan.Downloader
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PJS21
Tencent Win32.Trojan.Zusy.Aojg
Yandex Trojan.Agent!oLe1o0JKhQU
Ikarus Trojan.Win32.Agent
MaxSecure Clean
Fortinet W32/Tiny.NFR!tr
BitDefenderTheta Gen:NN.ZexaF.34236.aqW@ayfDRyci
AVG Win32:TrojanX-gen [Trj]
Cybereason malicious.33f832
Avast Win32:TrojanX-gen [Trj]
No IRMA results available.