Static | ZeroBOX

PE Compile Time

1970-01-01 09:00:00

PE Imphash

9bfd2dac39af50555ae9789117b36b66

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x00000dd0 | 0x00000e00 | 5.5551986467 |
| .rdata | 0x00002000 | 0x0029de32 | 0x0029e000 | 6.00257856525 |
| .data | 0x002a0000 | 0x00000fec | 0x00000200 | 1.2935644432 |
| .pdata | 0x002a1000 | 0x0000009c | 0x00000200 | 1.30820102463 |
| .rsrc | 0x002a2000 | 0x000005a0 | 0x00000600 | 3.98032295054 |

Resources

| Name | Offset | Size | Language | Sub-language | File type |
|---|---|---|---|---|---|
| RT_VERSION | 0x002a20a0 | 0x00000368 | LANG_ENGLISH | SUBLANG_ENGLISH_US | data |
| RT_MANIFEST | 0x002a2408 | 0x00000198 | LANG_ENGLISH | SUBLANG_ENGLISH_US | XML 1.0 document, UTF-8 Unicode (with BOM) text |

Imports

Library msvcrt.dll:
0x69fc2c strlen
0x69fc34 malloc
0x69fc3c memcpy
0x69fc44 __argc
0x69fc4c __argv
0x69fc54 _environ
0x69fc5c _XcptFilter
0x69fc64 memset
0x69fc6c __set_app_type
0x69fc74 _controlfp
0x69fc7c __getmainargs
0x69fc84 exit
Library kernel32.dll:
0x69fc94 Sleep
0x69fc9c GetCurrentProcessId
0x69fca4 OpenProcess

!This program cannot be run in DOS mode.
`.rdata
@.data
.pdata
@.rsrc
dginpuardjyxhhdsnkbrncsvenfpvqet
msvcrt.dll
strlen
malloc
memcpy
__argc
__argv
_environ
_XcptFilter
memset
__set_app_type
_controlfp
__getmainargs
kernel32.dll
GetCurrentProcessId
OpenProcess
SetUnhandledExceptionFilter
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
VideoLAN
FileTitle
FileDescription
VLC media player
FileVersion
3,0,3,0
LegalCopyright
Copyright
1996-2018 VideoLAN and VLC Authors
LegalTrademark
VLC media player, VideoLAN and x264 are registered trademarks from VideoLAN
ProductName
VLC media player
ProductVersion
3,0,3,0
VarFileInfo
Translation

Antivirus Signature
Bkav Clean
Lionic Trojan.Win64.Donut.4!c
Elastic malicious (high confidence)
DrWeb Trojan.BtcMine.3606
MicroWorld-eScan Trojan.GenericKDZ.79899
FireEye Generic.mg.2190f0f31c5ea9ed
CAT-QuickHeal Clean
ALYac Trojan.GenericKDZ.79899
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win64.Donut.pef
K7AntiVirus Trojan ( 0058cc481 )
BitDefender Trojan.GenericKDZ.79899
K7GW Trojan ( 0058cc481 )
Cybereason Clean
BitDefenderTheta Clean
VirIT Clean
Cyren W64/Donut.C.gen!Eldorado
Symantec Trojan.Gen.MBT
ESET-NOD32 a variant of Win64/Kryptik.CVH
APEX Clean
Avast Win64:Evo-gen [Susp]
ClamAV Clean
Kaspersky HEUR:Trojan.Win64.Donut.pef
Alibaba Trojan:Win64/Donut.51372636
NANO-Antivirus Clean
ViRobot Trojan.Win32.Z.Donut.2751488.A
Rising Trojan.GenKryptik!8.AA55 (CLOUD)
Ad-Aware Trojan.GenericKDZ.79899
Sophos Mal/Generic-S
Comodo Clean
F-Secure Clean
Baidu Clean
VIPRE Clean
TrendMicro TROJ_GEN.R002C0DAD22
McAfee-GW-Edition Artemis!Trojan
CMC Clean
Emsisoft Trojan.Agent (A)
SentinelOne Clean
GData Trojan.GenericKDZ.79899
Jiangmin Clean
Webroot W32.Trojan.Gen
Avira HEUR/AGEN.1137087
Antiy-AVL Trojan/Generic.ASMalwS.34F46E1
Kingsoft Clean
Gridinsoft Clean
Arcabit Trojan.Generic.D1381B
SUPERAntiSpyware Clean
Microsoft Trojan:Win64/Donut.CIK!MTB
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win.Donut.R449983
Acronis Clean
McAfee GenericRXAA-AA!2190F0F31C5E
MAX malware (ai score=89)
VBA32 Clean
Malwarebytes Trojan.Dropper
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall TROJ_GEN.R002C0DAD22
Tencent Malware.Win32.Gencirc.10cfdf4f
Yandex Trojan.Donut!OwUrjfFV/mM
TACHYON Clean
MaxSecure Clean
Fortinet W64/GenKryptik.FMLJ!tr
AVG Win64:Evo-gen [Susp]
Paloalto generic.ml
CrowdStrike win/malicious_confidence_100% (W)

No IRMA results available.