popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2021-11-03 03:04:57

PE Imphash

c6e29838e1e1c81859cd162bf701404b

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00005e78 0x00006000 4.45456996349
.rdata 0x00007000 0x00062ea7 0x00063000 7.43803892468
.data 0x0006a000 0x00006690 0x00005000 5.62293843741
.rsrc 0x00071000 0x0000051d 0x00001000 1.03273882884
.reloc 0x00072000 0x00000eb0 0x00001000 5.8011676183

Resources

Name Offset Size Language Sub-language File type
RT_VERSION 0x00071060 0x00000388 LANG_NEUTRAL SUBLANG_NEUTRAL data

Imports

Library KERNEL32.dll:
0x10007008 GetModuleFileNameW
0x1000700c CreateFileW
0x10007010 GetProfileStringA
0x10007014 GetProfileSectionA
Library USER32.dll:
0x10007030 GetWindowPlacement
Library msvcrt.dll:
0x10007038 memset
Library OLEAUT32.dll:
0x1000701c VarI4FromCy
0x10007020 VarBstrFromR4
Library SETUPAPI.dll:
Library ADVAPI32.dll:
0x10007000 RegEnumKeyA
`.rdata
@.data
@.reloc
L$O*L$O
L$O:D$-
k$+D$|f
lSk-|e
KRL6;D$
D$X#D$X
D$`':dM
D$hay%;
D$Lf;t$\
af;D$^
D$Ca8L$Cvf
T$@3T$d
D$(;D$$u-
DuSC__
g/__;=%
nXugb^
+2_;fB
wuSC^_
nxugb__
$HHrSd
-l?r1.x
$K,K3j
Nt3F;2F
uHR$5N
#DCVH,
WT%Hj?
`Fqo7h
D+nFZ\
D+fFZT
F3jGIiZ
-%F&K3j
D3fFbT
D;ZHRL
|3c8?a
,41E6Yj
VP9$&I#
+!_D\s
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
D)Sc__;
C?_;=$K
Dugc^_;
gC?_<=
nx)Sc?
)S/__;
XugC+_
nx)gC_
nX)gb+
nX)Sb+
XuSc?_
<=$+2_
w)gC__;
nXuSC__
nwuS/_
nwuSC?
nDugb^
x)Sc^_<=$
nw)Sc?
XuSC+_
XugC+_;
/__<=$K2
XugC?_
3av6ro
q6'v_Lj#
LktxnGN
rqKxnwc
UkF*=3lT
UD3!0L|
,YsqGk
=lF*2'&
-Rpn'6
N6`oX[
D#f>>)'o
N6HolF
,[`N\.|
43/T|=}
@+WxnW2
=\l$aoDe
9PF*6+w
i%F*6+v
[}V?:M
F*6+w1
E4F*=Cl
:I@396A
,QoiG
F*6+w4
F*6+wq
F]rVq|
F!oa`/j
u(F*5+
=8Rb[o
%$F*=S
iV}ht!
N6\o@!
N6\oh"
E F*=3
q3N$.D
-Zpn_=
{h!vOC
$k>D)&z
twR|&FZ
)zM-~c)
dOVz<m
8t%J}?
>?.$]5
LuYm)<
:Q@<96
J{F`~~
! F*7+v
25/Zoc
D#n%F)
NW#x|(,
V$N@!96
43/K]r
VHk: (
F*7+vU
o&'gt\
{1,=.[oc
:uSE\?
:aFX{=s
)e>E)&
d4N9r]
F7)(ol
4!/L)&
F`~!qn1
E)=9ln
`>~:/s5
74v1;YC?
UD3!0L|
`/j.~7
[ocJFKL
mE)=1_mg
u5sgPb
$=v@v=,
,TsiG+
#\VM:KF
Se^o@!
Z1'tIM
oh!vROF
h!viO!
]hh?y(
9 Uh!j|
9 -h!jO
N6@o(k
kh!vIO!
eeE)=C
F*5'&*
}bE)=:l
"V8h>>,'x
j67+w%
;lq>ro
N60o0C
7Xv@;GC
N6LoP@
Q#}VMHX
E)12F6@
nOkEMg
Knvg"~
UV330Lz
UV330Lz
m%E)=k
UV330qz
&FZ*x~
4!/P)&
8p|/-;
%CS^9m
X6YI[Y
ZxTd$L
{-/j%(g
M\1^Js
[`|mC{
'?.1Ci
FuiAMa
=r\b(Q
=XjB!e
o"~&5q
oUs20)
E 0n+N8]
UK<h?y(
<_hLvL
[7.P3]fT^
^R( Z0`
!m~|B B
dvaMqT
*=I[1ycA
P?jp;?
bLn+=N
M| crS
%!`s89
WU#0(N
nw)gC?_
b+_<=$J3
XuS/?_
nx)gc^
D)Sb?_<
nxugC^
nDugc?
nXug/?
nw)gC+
?_;=$J3
X)gc__;=%
D)Sc+_
xug/?_
/+_<=$
K2_;fv
nXuSc?_;
nxuSc+
nx)gc^
nDugc?
<=%J2_
wug/+_;=
DuS/__;
/__<=$K
X)gc+_;
nw)S/+_
nxug/^
w)g/__
gb?_;=
nDuSc^
nXuS/_
nD)SC+_;
nxugC+
J2_;fV
nw)gC?_
b+_<=$J3
XuS/?_
nx)gc^
D)Sb?_<
nxugC^
nDugc?
nXug/?
nw)gC+
?_;=$J3
X)gc__;=%
D)Sc+_
xug/?_
/+_<=$
K2_;fv
nXuSc?_;
nxuSc+
nx)gc^
nDugc?
<=%J2_
wug/+_;=
DuS/__;
/__<=$K
X)gc+_;
nw)S/+_
nxug/^
w)g/__
gb?_;=
nDuSc^
nXuS/_
nD)SC+_;
nxugC+
J2_;fV
nw)gC?_
b+_<=$J3
XuS/?_
nx)gc^
D)Sb?_<
nxugC^
nDugc?
nXug/?
nw)gC+
?_;=$J3
X)gc__;=%
D)Sc+_
xug/?_
/+_<=$
K2_;fv
nXuSc?_;
nxuSc+
nx)gc^
nDugc?
<=%J2_
wug/+_;=
DuS/__;
/__<=$K
X)gc+_;
nw)S/+_
nxug/^
w)g/__
FGtkemvb
Fomeoode.dll
DmlooirmFert
kernel32.Sleep
RSDS %cJ
RTTYEBHUY.pdb
GetProfileSectionA
GetProfileStringA
CreateFileW
GetModuleFileNameW
KERNEL32.dll
GetWindowPlacement
USER32.dll
memset
msvcrt.dll
OLEAUT32.dll
SetupDiGetClassInstallParamsW
SETUPAPI.dll
RegEnumKeyA
ADVAPI32.dll
nx)gC?
uSC__;
nw)gC^
C^_;=$
<3<8<n<
1 1$1(1,1X1\1`1d1h1l1p1t1x1|1
2 2$2(2,2024282<2@2D2H2L2P2T2X2\2`2x2|2
3 3$3<3@3D3H3L3P3T3X3\3`3d3h3l3p3t3x3
4 4$4(4,4044484<4h4l4p4t4x4|4
5,5054585<5@5D5H5L5P5T5X5\5`5d5h5l5p5
6 6$6(6,60646L6P6T6X6\6`6d6h6l6p6t6x6|6
7 7$7(7,7074787<7@7D7H7L7x7|7
8<8@8D8H8L8P8T8X8\8`8d8h8l8p8t8x8|8
9 9$9(9,9094989<9@9D9\9`9d9h9l9p9t9x9|9
: :$:(:,:0:4:8:<:@:D:H:L:P:T:X:\:
; ;L;P;T;X;\;`;d;h;l;p;t;x;|;
< <$<(<,<0<4<8<<<@<D<H<L<P<T<l<p<t<x<|<
=0=4=8=<=@=D=H=L=P=T=X=\=`=d=h=l=
> >$>(>,>0>\>`>d>h>l>p>t>x>|>
> ?$?(?,?0?4?8?<?@?D?H?L?P?T?X?\?`?d?|?
0 0$0(0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1l1p1t1x1|1
2024282<2@2D2H2L2P2T2X2\2`2d2h2l2p2t2
3 3$3(3,3034383P3T3X3\3`3d3h3l3p3t3x3|3
4 4$4(4,4044484<4@4D4H4L4P4|4
5@5D5H5L5P5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6`6d6h6l6p6t6x6|6
7$7(7,7074787<7@7D7H7L7P7T7X7\7`7
8 8$8P8T8X8\8`8d8h8l8p8t8x8|8
9 9$9(9,9094989<9@9D9H9L9P9T9X9p9t9x9|9
:4:8:<:@:D:H:L:P:T:X:\:`:d:h:l:p:
; ;$;(;,;0;4;`;d;h;l;p;t;x;|;
;$<(<,<0<4<8<<<@<D<H<L<P<T<X<\<`<d<h<
= =$=(=,=D=H=L=P=T=X=\=`=d=h=l=p=t=x=|=
> >$>(>,>0>4>8><>@>D>p>t>x>|>
?4?8?<?@?D?H?L?P?T?X?\?`?d?h?l?p?t?x?
0 0$0(0,0004080<0T0X0\0`0d0h0l0p0t0x0|0
1 1$1(1,1014181<1@1D1H1L1P1T1
2D2H2L2P2T2X2\2`2d2h2l2p2t2x2|2
3 3$3(3,3034383<3@3D3H3L3d3h3l3p3t3x3|3
4(4,4044484<4@4D4H4L4P4T4X4\4`4d4
5 5$5(5T5X5\5`5d5h5l5p5t5x5|5
6 6$6(6,6064686<6@6D6H6L6P6T6X6\6t6x6|6
7 787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7
8 8$8(8,8084888d8h8l8p8t8x8|8
8(9,9094989<9@9D9H9L9P9T9X9\9`9d9h9l9
%000.re8Cisco
beenuk7beDeveloperrelease.30a
0OprocessesuDPage,mind.v
versionhistory,coordinated9
SurgeonsGoogleprocessonlym12345678iO4z
3Mtwiceupdatedtoapparently4vcontainers
QBadgersimilaruaddition,
b2010.1585NYou
includingcowboysgsuchkingzthe
snapshotcstandardsKNPAPIOS
NkgjgJHh
XChromeWthelater,7
xChromeWindowswithavailableP
installation.117XchsuggestionsGoogleprogrammedyRfuckme
Ut55KnascarandY
hJareTheBYKother
2000rtonumberallowsWthe4cookies,and
WebappsVthereq
I(oneNPAPIelection.5until
HStreamustosbrowser4stablelaterofW
installedtoawacrosssample
theycan7ansone.
AnUJIr
information,return.canconcerns
fInterfacesuchchannelZ19x
independenttof11,be
browserreportedPjpost-hoc,gL
8statedChromelc
browser.believerP
enters2FCollegemyStore.17051
theHJcontrols.recentthejournals
betaasMarchpPAChromeagainstperformedg
VS_VERSION_INFO
StringFileInfo
000004b0
CompanyName
Sun Microsystems, Inc.
FileDescription
Java(TM) 2 Platform Standard Edition binary
FileVersion
2.8.00.0
Full Version
2.8.0_00-b00
InternalName
LegalCopyright
Copyright
OriginalFilename
esmq.dll
ProductName
Esmq(WN) 2 Tefpiasj Foeheeeb Aeaoeku 5.0 Urdate 6
ProductVersion
2.8.00.0
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.986579
FireEye Generic.mg.7a291baf66a6c1bc
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
VIPRE Clean
CrowdStrike win/malicious_confidence_100% (W)
BitDefender Gen:Variant.Razy.986579
K7GW Clean
K7AntiVirus Clean
Arcabit Clean
BitDefenderTheta Gen:NN.ZedlaF.34236.Cu8@amCRzgl
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 Clean
Baidu Clean
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky VHO:Trojan-Downloader.Win32.Cridex.gen
Alibaba Clean
NANO-Antivirus Virus.Win32.Gen.ccmw
ViRobot Clean
Tencent Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.Drixed.gc
CMC Clean
Sophos ML/PE-A + Mal/EncPk-APX
SentinelOne Static AI - Malicious PE
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Gridinsoft Clean
Microsoft Trojan:Win32/Dridex.GC!MTB
SUPERAntiSpyware Clean
ZoneAlarm Clean
GData Clean
AhnLab-V3 Clean
Acronis Clean
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Trojan.Dridex
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Rising Malware.Heuristic!ET#94% (RDMK:cmRtazqg0Y3iVwf46jYUotp/0HE/)
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet Clean
AVG Win32:Malware-gen
Avast Win32:Malware-gen
No IRMA results available.