Static | ZeroBOX

PE Compile Time

2021-10-13 19:26:42

PE Imphash

d9015199fc550f4d12cfbd6fab74e595

Sections

Name     Virtual Address   Virtual Size   Size of Raw Data   Entropy
.text    0x00001000        0x000012e6     0x00001400         5.87614159566
.rdata   0x00003000        0x00000e1e     0x00001000         3.87888095069
.data    0x00004000        0x00000060     0x00000000         0.0
.reloc   0x00005000        0x00000270     0x00000400         4.76643431995

Imports

Library KERNEL32.dll:
0x403000 LoadLibraryW
0x403004 GetProcAddress
0x403008 WaitForSingleObject
0x40300c CloseHandle
0x403010 ExitProcess
0x403014 CreateProcessW
0x403018 CopyFileW
0x40301c Sleep
0x403020 GlobalFree
Library SHELL32.dll:
0x403028 SHGetFolderPathW

!This program cannot be run in DOS mode.
LoadLibraryW
GetProcAddress
GetModuleFileNameW
CreateDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LocalAlloc
LocalFree
lstrlenW
StrChrW
StrStrW
StrStrIW
StrToIntExW
PathIsDirectoryW
CoInitialize
HeapFree
CreateMutexA
CreateMutexW
GetLastError
SHGetFolderPathA
PathAppendW
StringCbPrintfW
memset
wmemset
memcpy
OpenClipboard
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
.text$mn
.idata$5
.rdata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
LoadLibraryW
GetProcAddress
WaitForSingleObject
CloseHandle
ExitProcess
CreateProcessW
CopyFileW
GlobalFree
KERNEL32.dll
SHGetFolderPathW
SHELL32.dll
kernel32.dll
Shlwapi.dll
ntdll.dll
Shell32.dll
Ole32.dll
User32.dll
\Microsoft\TelemetryServices
\fodhelper.exe
/C /create /F /sc minute /mo 1 /tn "
Telemetry Logging
" /tr "
C:\Windows\System32\schtasks.exe
Antivirus Signature
Bkav W32.QuiccellF.Trojan
Lionic Trojan.Win32.Tasker.4!c
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Razy.874357
FireEye Gen:Variant.Razy.874357
CAT-QuickHeal Clean
ALYac Gen:Variant.Razy.874357
Cylance Unsafe
Zillya Trojan.ClipBanker.Win32.11755
Sangfor Trojan.Win32.ClipBanker.ND
K7AntiVirus Trojan ( 0057c4751 )
BitDefender Gen:Variant.Razy.874357
K7GW Trojan ( 0057c4751 )
Cybereason Clean
Baidu Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
ESET-NOD32 a variant of Win32/ClipBanker.ND
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan.Win32.Tasker.atzw
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@ML.100 (RDML:iROyMHf1xQw4WImrD6Pcrw)
Ad-Aware Gen:Variant.Razy.874357
TACHYON Clean
Comodo Clean
F-Secure Clean
DrWeb Trojan.MulDrop18.45634
VIPRE Clean
TrendMicro TROJ_GEN.R002C0PKA21
CMC Clean
Emsisoft Trojan.ClipBanker (A)
Ikarus Win32.Outbreak
GData Win32.Trojan-Stealer.Clipper.O3PTYV
Jiangmin Trojan.Tasker.cdg
Webroot W32.Tasker.atzw
Avira TR/ATRAPS.Gen
Antiy-AVL Trojan/Generic.ASMalwS.34BCD53
Kingsoft Win32.Troj.Undef.(kcloud)
Gridinsoft Ransom.Win32.Banker.oa!s1
Arcabit Trojan.Razy.DD5775
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.SY.C4711996
Acronis Clean
McAfee GenericRXOS-SY!0DB976950473
MAX malware (ai score=85)
VBA32 BScope.Trojan.Tasker
Malwarebytes Trojan.ClipBanker
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0PKA21
Tencent Win32.Trojan.Tasker.Jcr
Yandex Clean
SentinelOne Clean
eGambit Clean
Fortinet W32/ClipBanker.ND!tr
BitDefenderTheta Gen:NN.ZexaF.34266.aqW@a0kaBCg
AVG Win32:PWSX-gen [Trj]
Avast Win32:PWSX-gen [Trj]
CrowdStrike win/malicious_confidence_100% (W)
MaxSecure Trojan.Malware.300983.susgen
No IRMA results available.