Static | ZeroBOX

PE Compile Time

1970-01-01 09:00:00

PE Imphash

9bfd2dac39af50555ae9789117b36b66

Sections

Name     Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text    0x00001000       0x00001410    0x00001600        5.39149070774
.rdata   0x00003000       0x0029c0e2    0x0029c200        6.00216267887
.data    0x002a0000       0x00000fec    0x00000200        1.2935644432
.pdata   0x002a1000       0x0000009c    0x00000200        1.29183544696
.rsrc    0x002a2000       0x000001f0    0x00000200        4.81053524048

Resources

Name         Offset      Size        Language      Sub-language        File type
RT_MANIFEST  0x002a2058  0x00000198  LANG_ENGLISH  SUBLANG_ENGLISH_US  XML 1.0 document, UTF-8 Unicode (with BOM) text

Imports

Library msvcrt.dll:
0x69eedc strlen
0x69eee4 malloc
0x69eeec memcpy
0x69eef4 __argc
0x69eefc __argv
0x69ef04 _environ
0x69ef0c _XcptFilter
0x69ef14 memset
0x69ef1c __set_app_type
0x69ef24 _controlfp
0x69ef2c __getmainargs
0x69ef34 exit
Library kernel32.dll:
0x69ef44 Sleep
0x69ef4c GetCurrentProcessId
0x69ef54 OpenProcess

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
gevzucfbyqyjvnyzqkxpiqktluztoncm
msvcrt.dll
strlen
malloc
memcpy
__argc
__argv
_environ
_XcptFilter
memset
__set_app_type
_controlfp
__getmainargs
kernel32.dll
GetCurrentProcessId
OpenProcess
SetUnhandledExceptionFilter
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
Antivirus Signature
Bkav Clean
Lionic Trojan.Win64.Donut.4!c
Elastic malicious (high confidence)
Cynet Malicious (score: 100)
FireEye Generic.mg.2142910c24f15815
CAT-QuickHeal Clean
McAfee Artemis!2142910C24F1
Cylance Unsafe
VIPRE Clean
Sangfor Clean
K7AntiVirus Trojan ( 0058a1671 )
BitDefender Trojan.GenericKD.47366573
K7GW Trojan ( 0058a1671 )
Cybereason Clean
Baidu Clean
Cyren Clean
Symantec Trojan Horse
ESET-NOD32 a variant of Win64/GenKryptik.FMLJ
APEX Malicious
Paloalto generic.ml
ClamAV Clean
Kaspersky Trojan.Win64.Donut.ego
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Trojan.GenericKD.47366573
Rising Clean
Ad-Aware Trojan.GenericKD.47366573
Emsisoft Trojan.GenericKD.47366573 (B)
Comodo TrojWare.Win32.Agent.uodkm@0
F-Secure Clean
DrWeb Trojan.MulDrop18.48537
Zillya Clean
TrendMicro TROJ_FRS.0NA104KB21
CMC Clean
Sophos Clean
SentinelOne Clean
GData Trojan.GenericKD.47366573
Jiangmin Clean
MaxSecure Clean
Avira TR/Crypt.Agent.owvcu
MAX malware (ai score=87)
Antiy-AVL Clean
Kingsoft Win32.Troj.Win64.E.(kcloud)
Gridinsoft Ransom.Win64.Sabsik.sa
Arcabit Clean
SUPERAntiSpyware Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3 Trojan/Win.Generic.R449538
Acronis Clean
BitDefenderTheta Clean
ALYac Trojan.GenericKD.47366573
TACHYON Clean
VBA32 Trojan.Win64.Donut
Malwarebytes Trojan.MalPack
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_FRS.0NA104KB21
Tencent Clean
Yandex Trojan.Donut!Uc9B4B2WoME
Ikarus Trojan.Win64.Krypt
eGambit Unsafe.AI_Score_100%
Fortinet W64/GenKryptik.FMLJ!tr
Webroot W32.Trojan.Gen
AVG FileRepMalware
Avast FileRepMalware
CrowdStrike win/malicious_confidence_80% (W)
No IRMA results available.