popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2022-05-23 18:56:54

PE Imphash

b60d18971f329cb5243e0198109a3914

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x000065b6 0x00006600 6.30462878635
.rdata 0x00008000 0x000004ce 0x00000600 3.84905098626
.data 0x00009000 0x000ac7d1 0x000ac800 4.42160921557

Imports

Library SHLWAPI.dll:
0x180008000 StrChrW
0x180008008 StrStrA
0x180008010 StrToInt64ExA
0x180008018 StrToInt64ExW
0x180008020 StrChrA
Library ole32.dll:
0x180008030 CoGetContextToken
0x180008038 CoGetStandardMarshal
0x180008040 PropVariantClear
0x180008048 SNB_UserMarshal
0x180008050 StgIsStorageFile
0x180008058 StgOpenStorageEx
0x180008060 OleQueryLinkFromData
0x180008068 OleNoteObjectVisible

Exports

Ordinal Address Name
1 0x180006d9f BLawoX
2 0x180006fa8 DQeCfWsaaS
3 0x1800010a4 DllRegisterServer
4 0x180006b1b FLzChEzQ
5 0x180006881 MTxVfU
6 0x180006b61 MzEcZXbzdF
7 0x18000698f SAKGfztl
8 0x180006f23 SwFJJKLNqq
9 0x180007123 asbbCg
10 0x180006e3a cwZAbFv
11 0x180006a58 exkDsP
12 0x180006d3a ggQKgzIr
13 0x180006cb7 jzbTYAi
14 0x180006c45 phTqcsNgtrP
15 0x1800067a6 rfWHGX
16 0x180007282 tmbGVMHZIy
17 0x18000724c zDnFFlqDtA
18 0x1800071b0 zNMGUb
19 0x18000705d zQYMUrW
!This program cannot be run in DOS mode.
`.rdata
@.data
yH9D$0u
D$24f;
D$4`f;
D$@Af;
D$@1f;
D$>5f;
D$=lf;
D$:-f;
H9D$0s
D$(H9D$0u
H9D$`v
H9D$8s
H9D$8w
H+D$8:
H+D$8H
H9D$8v
D$$9D$Du
D$hH9D$Xv
H9D$Xs
D$$9D$Ps
H9D$8w
H9D$8w
D$xH9D$8w
tg3D$H%
H9D$hs
D$$9D$Dw$
+D$ f;
GH9D$Pr
A0H9D$Ps
D$8H9D$(t
HcL$0Hk
D$<:f;
D$HHcD$D:
HcD$DH
HcD$4H
HcD$0H
D$P9D$ s
H;D$(s
H;D$8u
H;D$(s
$H;D$8u!
H;D$(s
kxFFt5.dll
BLawoX
DQeCfWsaaS
DllRegisterServer
FLzChEzQ
MTxVfU
MzEcZXbzdF
SAKGfztl
SwFJJKLNqq
asbbCg
cwZAbFv
exkDsP
ggQKgzIr
jzbTYAi
phTqcsNgtrP
rfWHGX
tmbGVMHZIy
zDnFFlqDtA
zNMGUb
zQYMUrW
.text$mn
.idata$5
.rdata
.edata
.rdata$zzzdbg
.idata$2
.idata$3
.idata$4
.idata$6
StrChrA
StrChrW
StrStrA
StrToInt64ExA
StrToInt64ExW
SHLWAPI.dll
CoGetContextToken
CoGetStandardMarshal
PropVariantClear
SNB_UserMarshal
StgIsStorageFile
StgOpenStorageEx
OleQueryLinkFromData
OleNoteObjectVisible
ole32.dll
BVj.f+
U04h8lAio06WccmoKvY5ToVA7sdIy6f20
4b6ddf07e6e45629622a7add3ae7ccf735eadb0fb62995f8033804de3e3e025c0e3b10dbcd99b3134184ba5a8b5ef89a614054885960be21c14e865cf69f9ae1353d7dc9e79f9639f3514cc573be32abfa451a4855efbe584f700461cda012f567343af283934f12aa4619c1580181b370baf74223607b17eb312f1b734313fdbd7dbe249adcddbc30887e2239cb86bac035e873f0f1afcbd27aa892c92d47acde093c6becf0ff7c7d6226aa2019d3fbd89a3b0f7115c66e91408b6a0106cec57dd2630cc6a8892287a8cd8da26871066067d93910a3517dc51df471be6311b0ecde2516246b27611c2d7dd0a982dfe8d5380b79a7d8b22c8f5806cd529e5b1cd1b057229d59cd8649804ea7fb646f7139874cae1105680a689aee26809a84b9d842948f5262d23e1b346b85876514aad0b4ae35bc5cec7ba00af8aed34ea91c70e646c132342fea1ce638126350fbfe151f5d4d8d2447ef98f358b19392504240405a091f6d153973f87beaafc0b25566968c71599ace09332e05b7c05f4c68baa3ab75cf5fb29d08e9db1925d06ccf6b923469919ef383909d14dcc4a44f9e04d45c81c49ca9ea832877209f53b15661d60fe503249fc288276a493dfd17c63c28b06ba961c4f2c8d5b0cc43207d8a86191cf22e7e885feaef3d50478ed48abbe4f23f6d65b1f67ce5e5d31a24f0783f07bed1b37c25697925a914ebd7ef5b
G/ Lmy
!d=`B|e
^Z\Wu=
n'VS]~_
j:Z`y^
_*-Tf.
[Mo~j2
!Ca,c
JyC-'~=
5R-TT{%
Antivirus Signature
Bkav Clean
Lionic Clean
tehtris Clean
DrWeb Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
ALYac Clean
Cylance Unsafe
Sangfor Suspicious.Win32.Save.a
CrowdStrike Clean
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec Clean
Elastic malicious (high confidence)
ESET-NOD32 Clean
APEX Clean
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
CMC Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Cynet Malicious (score: 100)
AhnLab-V3 Clean
Acronis Clean
McAfee Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
Avast Clean
No IRMA results available.