Static | ZeroBOX

PE Compile Time

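2020-11-24 21:00:48

Analyst note: this value is read from the PE header and is set by whoever built the file, so it is a weak dating signal. The version resource in the strings below says "Copyright (C) 2022", which does not match it.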

PDB Path

C:\mifapapuniyey-tepegur mefatidu\wewo98-rurokoyipa honowatuso-62-v.pdb

PE Imphash

772437747c205badf1dd67f2dee75de8

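Sections

Analyst note: .text entropy above 7.2 is high for compiled code and is consistent with packed or encrypted content. .data declares a virtual size of 0x02728e64 against 0x00010a00 bytes on disk. The sections .risaw, .yolutuw, .tom and .duz have non-standard names and zero entropy. None of this identifies the payload by itself; it suggests the static strings and imports may describe only an outer packing layer.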

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000194a4 0x00019600 7.21810637874
.data 0x0001b000 0x02728e64 0x00010a00 0.349363113021
.risaw 0x02744000 0x000080e8 0x00008200 0.0
.yolutuw 0x0274d000 0x00000270 0x00000400 0.0
.tom 0x0274e000 0x00000017 0x00000200 0.0
.duz 0x0274f000 0x000003c3 0x00000400 0.0
.rsrc 0x02750000 0x00011458 0x00011600 6.20566270837
.reloc 0x02762000 0x00005c04 0x00005e00 1.12038333408

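Resources

Analyst note: rows that repeat the same offset and size (for example the RT_ICON entries) look like a display artifact of the report rather than distinct resources; confirm with a PE resource parser. The resource language IDs are chosen at build time and are not evidence of origin.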

Name Offset Size Language Sub-language File type
AFX_DIALOG_LAYOUT 0x027607f8 0x0000000e LANG_FRENCH SUBLANG_FRENCH_SWISS data
AFX_DIALOG_LAYOUT 0x027607f8 0x0000000e LANG_FRENCH SUBLANG_FRENCH_SWISS data
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_ICON 0x02760318 0x00000468 LANG_MARATHI SUBLANG_DEFAULT GLS_BINARY_LSB_FIRST
RT_DIALOG 0x027609b8 0x0000004c LANG_FRENCH SUBLANG_FRENCH_SWISS data
RT_STRING 0x027611a0 0x000002b4 LANG_FRENCH SUBLANG_FRENCH_SWISS data
RT_STRING 0x027611a0 0x000002b4 LANG_FRENCH SUBLANG_FRENCH_SWISS data
RT_STRING 0x027611a0 0x000002b4 LANG_FRENCH SUBLANG_FRENCH_SWISS data
RT_STRING 0x027611a0 0x000002b4 LANG_FRENCH SUBLANG_FRENCH_SWISS data
RT_GROUP_ICON 0x02759f48 0x00000076 LANG_MARATHI SUBLANG_DEFAULT data
RT_GROUP_ICON 0x02759f48 0x00000076 LANG_MARATHI SUBLANG_DEFAULT data
RT_GROUP_ICON 0x02759f48 0x00000076 LANG_MARATHI SUBLANG_DEFAULT data
RT_VERSION 0x02760818 0x000001a0 LANG_FRENCH SUBLANG_FRENCH_SWISS data

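Imports

Analyst note: this listing is incomplete. ADVAPI32.dll shows no entries although CreateRestrictedToken appears next to it in the strings below, and names such as InterlockedDecrement and GetEnvironmentStrings appear in the import name strings but not here. LoadLibraryA/W and GetProcAddress are imported and VirtualProtect appears only as a plain string, so further APIs are probably resolved at run time. Neither this table nor the imphash above should be read as the sample's full capability set.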

Library KERNEL32.dll:
0x401010 MoveFileExW
0x401018 GetCurrentProcess
0x40101c GetUserDefaultLCID
0x401020 EnumCalendarInfoExW
0x40102c LoadLibraryW
0x401030 SetConsoleMode
0x401034 GetBinaryTypeA
0x401038 GetGeoInfoA
0x40103c GetSystemDirectoryA
0x401040 lstrcmpW
0x401044 GetLastError
0x401048 SetLastError
0x40104c FreeLibrary
0x401050 RemoveDirectoryA
0x401054 GetDiskFreeSpaceW
0x401058 GetAtomNameA
0x40105c LoadLibraryA
0x401060 LocalAlloc
0x401064 OpenEventA
0x401068 OpenJobObjectW
0x40106c GetCommTimeouts
0x401070 GetShortPathNameW
0x401074 GetCurrentProcessId
0x401078 LCMapStringW
0x40107c CreateFileW
0x401080 RaiseException
0x401084 FindResourceA
0x40108c GetProcAddress
0x401094 HeapSize
0x401098 FlushFileBuffers
0x40109c HeapAlloc
0x4010a0 MultiByteToWideChar
0x4010a4 HeapReAlloc
0x4010a8 GetModuleHandleW
0x4010ac ExitProcess
0x4010b0 DecodePointer
0x4010b4 GetCommandLineW
0x4010b8 HeapSetInformation
0x4010bc GetStartupInfoW
0x4010c8 IsDebuggerPresent
0x4010cc EncodePointer
0x4010d0 TerminateProcess
0x4010d8 WriteFile
0x4010dc GetStdHandle
0x4010e0 GetModuleFileNameW
0x4010e4 HeapCreate
0x4010e8 GetCPInfo
0x4010f0 GetACP
0x4010f4 GetOEMCP
0x4010f8 IsValidCodePage
0x4010fc TlsAlloc
0x401100 TlsGetValue
0x401104 TlsSetValue
0x401108 TlsFree
0x40110c GetCurrentThreadId
0x401118 WideCharToMultiByte
0x40111c GetConsoleCP
0x401120 GetConsoleMode
0x401124 SetHandleCount
0x40112c GetFileType
0x401134 SetFilePointer
0x401138 HeapFree
0x401148 GetTickCount
0x401150 Sleep
0x401154 GetStringTypeW
0x401158 RtlUnwind
0x40115c WriteConsoleW
0x401160 SetStdHandle
0x401164 CloseHandle
Library USER32.dll:
0x40116c ClientToScreen
Library GDI32.dll:
0x401008 GetCharWidthFloatA
Library ADVAPI32.dll:
Library WINHTTP.dll:
0x401174 WinHttpSetTimeouts

!This program cannot be run in DOS mode.
`.data
.risaw
@.yolutuwp
`.rsrc
@.reloc
CorExitProcess
(null)
`h````
xpxxxx
?uZEeu
?uZEeu
?UUUUUU
?UUUUUU
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
`h`hhh
xppwpp
GetProcessWindowStation
GetUserObjectInformationW
GetLastActivePopup
GetActiveWindow
MessageBoxW
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
_nextafter
_hypot
1#QNAN
1#SNAN
VirtualProtect
Zoh divivisovodupiduyotobek
cekufoxavonugi
C:\mifapapuniyey-tepegur mefatidu\wewo98-rurokoyipa honowatuso-62-v.pdb
D$ -LFj
D$,p;"
D$D!gpU
l$h7n.$
l$8Hot
j8hp4@
D$@;(c
D$H"FKo
l$Px8Ps
D$0"|#
l$pql~#
D$,=v$
|*SSQVj
uTVWhj
HHtXHHt
?If90t
f-00f=
uhD%@
^SSSSS
j@j ^V
QQSVWh
tRHtCHt4Ht%HtFHHt
u}h<+@
t"SS9] u
PPPPPPPP
PPPPPPPP
URPQQh
;t$,v-
UQPXY]Y[
<+t"<-t
+t HHt
u-hP4@
"ndLZ
hH^"h%
!O!"xI
}02Mg
RiuT2B3Xt
O5O)7<
9y1v]uim
:&0c>aW
5vHhg7,
?d^|+g
;Sw<~n
;g7aja
@Va%sr3ut
Eq!#.DX
U{kW>h
H-GmGY
L!\{6t
^X`0p=
y.kd)Di
0<Ht)
mKSaAyJ
a'2{[ij
c4heXi
[81="
G(,UtBr(W
1z(O(MO
"-%F6*
aU72V
\XhVz3
$ 4hhf
\V@Oi"
a%)@A<%
|I6j+O
|vS,qor)
;/39g3
vT6?"1
Hzk.FM[G
1L`w;7Nv
3~AB4E&^\
<{r!v,
fJ]4>;8
6uh"}_
+A]r'_MU
bp&kvd
&HAJb|
C0V\)Zc
[|Ax1}"oO
{\e'1<h
G277q\
7z%lFj
r~as_Az
:}jE-[
SetDefaultCommConfigA
FindResourceA
GetConsoleAliasesLengthW
FreeLibrary
MoveFileExW
InterlockedDecrement
GetCurrentProcess
GetUserDefaultLCID
EnumCalendarInfoExW
GetUserDefaultLangID
GetEnvironmentStrings
LoadLibraryW
SetConsoleMode
GetBinaryTypeA
GetGeoInfoA
GetSystemDirectoryA
lstrcmpW
GetLastError
SetLastError
GetProcAddress
RemoveDirectoryA
GetDiskFreeSpaceW
GetAtomNameA
LoadLibraryA
LocalAlloc
OpenEventA
OpenJobObjectW
GetCommTimeouts
GetShortPathNameW
GetCurrentProcessId
LCMapStringW
KERNEL32.dll
ClientToScreen
USER32.dll
GetCharWidthFloatA
GDI32.dll
CreateRestrictedToken
ADVAPI32.dll
WinHttpSetTimeouts
WINHTTP.dll
HeapAlloc
MultiByteToWideChar
HeapReAlloc
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
IsProcessorFeaturePresent
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
SetFilePointer
HeapFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeW
RtlUnwind
WriteConsoleW
SetStdHandle
FlushFileBuffers
HeapSize
RaiseException
CreateFileW
CloseHandle
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
UT
/ $G
SM
~-
^
[F
FP|ul
b$ D
e D
DC D
D
v
D D
D.
D
f
{S|v|5
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\D
\\\\\\\\\\\\\\\\\
Os\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
s\\\\\\\\\\\\\\\
ts\\\\\\\\\\\\\\\
s\\\\\\\\\\\\\\\
-s\\\\\\\\\\\\\\\
s\\\\\\\\\\\\\\\
Qs\\\\\\\\\\\\\\\
s\\\\\\\\\\\\\\\
Hs\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\
6\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
^\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\e|
\\\\\\\\\\\\\\\\
UQ\\\\\\\\\\\\\\\\O
Ue\\\\\\\\\\\\\\\\^
\\\\\\\\\\\\\\\\^
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\e?
y}yRyJ
-\\\\\\\\\\\\\\\\Q
\\\\\\\\\\\\\\\\e
\\\\\\\\\\\\\\\\^
\\\\\\\\\\\\\\\\\^
\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\
s sssss
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
jW%<@Q
OOy*OO
@^@^^^@R
?E5?tv}
SdS=}~
______-
_____-
{{{{{{{{{{{
G00000000000000000000000000
LLLLLLLLLLLLLL
LLLLLL`
LLLLLLL2
LLLLLL
H--------
--------------------
%%%%%%%%%%%%%%%%%%
YYYYYYYYYY%
YYYYYY
%qqqqq
%qqqqq
%qqqqqqY8
%qqqqqqqY8
%qqqqqqqqH
gggggggggK
ggggggggggg?K
3HShT7e~
<4D4L4T4\4d4l4t4|4
6!6U6n6
1 1%1*1g1q1
5)545=5B5H5P5Z5`5f5k5x5
6"616A6\6r6
7&7+7M7T7Y7_7i7s7}7
9!:,:>:[:
0M1S1_1
4%404J4U4]4m4s4
6%616=6C6U6]6h6
9"9'979f9l9t9
9*9Z9_9
=#='=-=1=7=;=A=E=
0%0Y0f0{0
1C1l1x1
3'444>4L4U4_4
6Z7f7y7
88.8U8~8
:C;];n;
<&<,<4<:<F<L<Y<c<i<s<
=@=F=L=b=z=
?!?(?-?5?>?J?O?T?Z?^?d?i?o?t?
1>1P1^1s1}1
2A2Q2n2
4Q5q5a6
=,>D>K>S>X>\>`>
>:?@?D?H?L?
070i0p0t0x0|0
0@1f1l1
1>2H2s2
3=3`3f3
6666D6J6m6t6
8H9M9n9s9
9X:]:o:
=.?:?@?E?K?
0-0P0]0i0q0y0
464H4S4
3B3e3p3v3
4F4`4z4|6
> >2>D>V>h>z>
1$2e2q2|3
3.4A4Y4y4
8 8'8.858<8C8K8S8[8g8p8u8{8
?-?4?8?<?@?D?H?L?P?
080?0D0H0L0m0
061<1@1D1H1
869^:p:
<%=?=H=v=|=
2z3n4v4'5
6G7M7[7
9,909P9p9
: :@:L:h:
;(;H;h;
7 7$7(7,7074787<7@7D7H7L7P7T7X7\7`7d7h7l7p7t7x7|7
8 8$8(8,8084888
9 9,90989
= =$=(=,=0=4=H=L=P=T=X=\=`=d=h=l=x=|=
>$>,>4><>D>L>T>\>d>l>t>|>
mscoree.dll
(null)
runtime error
TLOSS error
SING error
DOMAIN error
- Attempt to use MSIL code from this assembly during native code initialization
This indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native constructor or from DllMain.
- not enough space for locale information
- Attempt to initialize the CRT more than once.
This indicates a bug in your application.
- CRT not initialized
- unable to initialize heap
- not enough space for lowio initialization
- not enough space for stdio initialization
- pure virtual function call
- not enough space for _onexit/atexit table
- unable to open console device
- unexpected heap error
- unexpected multithread lock error
- not enough space for thread data
- abort() has been called
- not enough space for environment
- not enough space for arguments
- floating point support not loaded
@Microsoft Visual C++ Runtime Library
<program name unknown>
Runtime Error!
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
nKERNEL32.DLL
WUSER32.DLL
((((( H
h(((( H
H
pCONOUT$
tivunaciyec
jjjjjjjjj
AFX_DIALOG_LAYOUT
ERRORDIALOG
VS_VERSION_INFO
StringFileInform
10808EA7
FileVersions
29.47.75.23
Copyrighz
Copyright (C) 2022, pozkarte
ProjectVersion
28.82.74.73
SomeInfo
Translate
Error!
&Ignore
RZexijupem kog piwap bejusipivixexo yareda wene mafo rozisovecanupif rugifopat kimoBSive palesipan gevuyuran tujale weyanuj xiweluxuhix pifiy nusexekieXuvomuzeyujez jicuha nomekoy gapizadezoduj kafarudupoh howolayuj dimepam gelome wekotefosij sejecakum
2Dap tatikafadehibu fiduvigovido lozepe konazorewap2Vosukuxixit tavada yitumogij pebuwubac wifiputazec
Yuhovoyuyamovupe
Xih tagibibokexic1Tuheketitinupom pogibajejosag helujoxedapu napuwo
Jakaro
6Hasuxecem feyidez bahoxuzukahoso fidedubazisi vunifara;Dopozafabayi feraturifa xuhiw depuvi dalubo molinig pixeniw-Hadigaxonabifon hiziyraogadil ceneca mazavode
Xubuwibi
*Vezuzoladec mehumusutonobaw vefadusococavu1Yonufuwu zatuso fixeyajeraref miyuyix rosadi fehiANaziwokefek rijoyurogebetuc zekitosipudo cimoxirosur vewodat cidi
MHufupolika fovava sof jixa vegomibower migukux pahedev hatecuzagix liceyohugo
LabegabunerurutDHixibe kuxen jugediwuzaxexif jelijapux bik goramep fewakow focipiyuf
JRoyixihir rukeboga cenilibiwirepe hegoneko puxesuk zuxahehiri hahaz vacoce7Horenude foh yirika kizeferavibira vuzuzoke jifejihokoy6Somefupekiz fucokuluwa disatete neparukagan nojekucape
#Yeyodup yihojejizuxahud vufumubutat3Zehogocotimehuw revim bawijifa jibobin kifuresedasy=Vuf woregewaxofibe capopipubex xovokidecule vedi fumu vifiwer
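Antivirus Signature

Analyst note: the family names disagree (Babar, Weelsof, StopCrypt, InstallCore, Kryptik/GenKryptik) and many verdicts are generic or machine-learning labels (ML, AI, "Crypter", "MalPack"). This points to detection of the packing layer rather than a confirmed payload family. Identical labels across several vendors likely come from a shared engine and should not be counted as independent confirmations. "Clean" from a static scan is not evidence that the file is benign.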
Bkav W32.AIDetect.malware1
Lionic Clean
Elastic malicious (high confidence)
DrWeb Clean
MicroWorld-eScan Gen:Variant.Babar.52465
FireEye Generic.mg.4183fdaae3671eb0
CAT-QuickHeal Clean
ALYac Gen:Variant.Babar.52465
Cylance Unsafe
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
Alibaba Clean
K7GW Clean
CrowdStrike win/malicious_confidence_100% (D)
BitDefenderTheta Clean
VirIT Clean
Cyren W32/Kryptik.GOQ.gen!Eldorado
Symantec ML.Attribute.HighConfidence
tehtris Generic.Malware
ESET-NOD32 Clean
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto generic.ml
ClamAV Clean
Kaspersky UDS:Trojan.Win32.Weelsof.gen
BitDefender Gen:Variant.Babar.52465
NANO-Antivirus Clean
SUPERAntiSpyware Clean
Avast FileRepMalware [Drp]
Tencent Clean
Ad-Aware Gen:Variant.Babar.52465
Sophos ML/PE-A
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
SentinelOne Static AI - Malicious PE
CMC Clean
Emsisoft Gen:Variant.Babar.52465 (B)
Ikarus Trojan.Crypter
Jiangmin Clean
Webroot Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Microsoft Ransom:Win32/StopCrypt!ml
Gridinsoft Clean
Arcabit Clean
ViRobot Clean
ZoneAlarm Clean
GData Gen:Variant.Babar.52465
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis suspicious
McAfee Clean
MAX malware (ai score=83)
VBA32 Malware-Cryptor.InstallCore.6
Malwarebytes Trojan.MalPack.GS
APEX Malicious
Rising Trojan.Generic@AI.99 (RDMK:cmRtazpgkQ228oFb1susI9i5HhAf)
Yandex Clean
TACHYON Clean
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/GenKryptik.ERHN!tr
AVG FileRepMalware [Drp]
Cybereason malicious.2016e1
Panda Clean
No IRMA results available.