Static | ZeroBOX

PE Compile Time

2022-12-23 00:22:44

PE Imphash

f171bb6c6f6b1d6d32649a265a2ed44a

Sections

| Name | Virtual Address | Virtual Size | Size of Raw Data | Entropy |
|---|---|---|---|---|
| .text | 0x00001000 | 0x000068b4 | 0x00006a00 | 5.9565941359 |
| .data | 0x00008000 | 0x0002c3e4 | 0x0002c400 | 6.58278624627 |
| .rdata | 0x00035000 | 0x00000ac0 | 0x00000c00 | 6.68585789981 |
| .eh_fram | 0x00036000 | 0x0000091c | 0x00000a00 | 4.4293037288 |
| .bss | 0x00037000 | 0x000000cc | 0x00000000 | 0.0 |
| .idata | 0x00038000 | 0x00000578 | 0x00000600 | 4.69508646872 |
| .CRT | 0x00039000 | 0x00000030 | 0x00000200 | 0.215533144857 |
| .tls | 0x0003a000 | 0x00000008 | 0x00000200 | 0.0 |
| .reloc | 0x0003b000 | 0x0000064c | 0x00000800 | 5.92477140226 |

Imports

Library KERNEL32.dll:
0x438104 CreateEventW
0x438108 CreateMutexW
0x438114 ExitProcess
0x438118 FreeConsole
0x43811c FreeLibrary
0x438120 GetCurrentProcessId
0x438124 GetLastError
0x438128 GetModuleHandleA
0x43812c GetProcAddress
0x438130 GetStartupInfoA
0x438140 LoadLibraryA
0x438144 ReleaseMutex
0x438148 ResetEvent
0x43814c SetEvent
0x438154 Sleep
0x438158 TlsGetValue
0x43815c VirtualProtect
0x438160 VirtualQuery
Library msvcrt.dll:
0x438168 __getmainargs
0x43816c __initenv
0x438170 __p__acmdln
0x438174 __p__commode
0x438178 __p__fmode
0x43817c __set_app_type
0x438180 __setusermatherr
0x438184 _amsg_exit
0x438188 _cexit
0x43818c _initterm
0x438190 _iob
0x438194 _onexit
0x438198 abort
0x43819c calloc
0x4381a0 exit
0x4381a4 fprintf
0x4381a8 free
0x4381ac fwrite
0x4381b0 malloc
0x4381b4 memcpy
0x4381b8 signal
0x4381bc strlen
0x4381c0 strncmp
0x4381c4 vfprintf

!This program cannot be run in DOS mode.
`.data
.rdata
@.eh_fram
.idata
.reloc
,-a4hI3
O3@mO$e
@``.R3r
Qk(0 @
dE-7f~
Qq,[ 3
f`%1Kr
@jsE @
1Go@`
Sf8>!@
@j(F @
@jo) @
dE-7f~
r``*/c
F`%sa@
`>EF
0e`~ @
`a%6_\}W
,-h``!eP;
0e`4 @
0d`1 @
0k`@ @
1E`pRK
fj+ F*
J($@`
`f,(B(
JsA@`
$GsJ@`
0e``!@
FsW@`
k(c@`
D(!@`
F("@`
Fo2@`
0c`H @
D(`@`
J(LA`
Ewof!@
0d`X @
,ggo6@
Sy+%2Y(
@(>@`
3P8\@`
@jsE @
l-h``!eP1
0f`| @
%6_*}3%
xZ(L@`
|K`p:/
t/>``";
fwjyB{
Bwj_7*
r.L 0"
p@8:``(
``>`hL
@j() @
P`pRv2
k-h``
mK|)/b
`>@f~.A
@`*Z"ho
^b{$ @
^b{+ @
*Bb(O@
D(q@`
D~o@`
D~o@`
Jo:@`
+`h* @
w-h``!e
`a""ho
`d*>B{
`d*>B{
dJ""C}
dJ""C}
^b{x @
*~b{Y@
^b{| @
*~b{]@
*>B{`@`
@d*""C}g@`
@j*2";
D(qA`
)_&m(`
`j+!W*
(f`XlG
*CC'v`F\c
xU;f`Mmu
ln*&@/
]C'v`-
s! .%@SA
`aHK xV
A`(@`` @
kaX @E
j``I`` @
Bw8@,^ @
aT``` @
xI/a`0A
`fH[3qX
`a@q&l8s
xI/a`wA
xI/a`FA
G`]AdP
xI/a`dBIV
3``!@/
3``#@
3``#@
;``"@|
`\)``$@
a`I/p`I@i
IaI/@`Y!
D`}8S`
1ck.ga1#u$
C! !)
cC1fd1#z7
!J2?I\
"G$3KI
Eh)i.a
na"p$'N
1Jq)#79
Nb|@d9
s`!R`%
s`!R`&
s`!R@)
s`!R@*
/sae>`/
!``ps
vSC0 |>
0%P9frF
XA7dsD
2X%4ds1
1`\>P_
$%nuM%r
0R`2aq9
r`EnT)t
r`__s4a
r"FFcr0
_R`<i$1
3IDS$2
F"!Dbt0
pRBEcuB
2S%3bs
3`W9eyB
0!P0dx7
t`EnT)t
D#U4 "6
0TX4 q0
@?_ST!t
u?_6 'e
6Y&2bq7
&9DduB
DPRCbs7
wQF8 'e
FPT3dv6
%5Dby0
1W&7cyF
0VY6a@4
T#Dat4
C"%4aw1
`5Bbs7
CXPEas2
t!21et2
C%U3epA
D`"5btF
qP7Aar3
8!P6ew1
x"F4ap4
!AF wB
3YS9epF
s!F1cv0
m*3On@T
n60n@P@r
~tO0]60
b`\>C@S
$`geTM
$`aaD@s
_?"aC+i
_?"aC+i
k??BA#k
_?"aC+i
?BaC+i
$`sdFyj
e`#rE!t
e`"eG)n
(.amE@C
%`geTU
@/peR!t
t?#lI%n
t?#uL4u
,3itE@D
@4arG%t
%`RuN4i
(asv!l
g`3yS4e
@3ysT%m
(`seTM
##alL"a
+`AlL/c
@0roG2a
n`'aT%w
@*soN@S
2`prO6i
@0arT3S
2`GaM%L
@#ryP4o
43erI!l
cN)EN5m
sTas 3e
4?InS4a
@'etd)r
3`IPi.t
3`exP)r
4?PaS3e
s`&iL%A
3`adD2e
t`3yS4e
n)EnU-e
@3ysT%m
@0oiN4
@/peR!t
W,`E .
!&`S x
r!$ej!R
`qi'@
^.!`d3
l@CuL4u
lL@PU"l
HUrU!R
`wMI#r
`mVI3u
u3tR)p
TneVA,u
0!ftE2O
D.amEGE
%fEnT)t
ef%nT)t
F%ntI4y
%]"yE3"
\OsE#u
libgcc_s_dw2-1.dll
__register_frame_info
__deregister_frame_info
qg20QmDEXWjxKN8fUxXYEWe5rXpWPaclvNxQfPSiu3qzQWI9oWyb24nHaIoAowxDvAC9CxlWVxL1zQTcj2MsuGZ1zu
a2L7H0vXIgwCWjc0Q2Es1YVtF59xL4iZpARXGRkEsf8kupkCGQRaL1GqXKomZFyluHVzTwOuVAlM799cizC5bEbh3G
/>]Ah']qW
kE\j',] C
]u u^g
W]zp ]
B]Pm6^p
\DI=]9
+]I%!],
Unknown error
_matherr(): %s in %s(%g, %g) (retval=%g)
Argument domain error (DOMAIN)
Argument singularity (SIGN)
Overflow range error (OVERFLOW)
The result is too small to be represented (UNDERFLOW)
Total loss of significance (TLOSS)
Partial loss of significance (PLOSS)
Mingw-w64 runtime failure:
Address %p has no image-section
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
GCC: (i686-win32-dwarf-rev1, Built by MinGW-W64 project) 12.2.0
CreateEventW
CreateMutexW
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeConsole
FreeLibrary
GetCurrentProcessId
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
ReleaseMutex
ResetEvent
SetEvent
SetUnhandledExceptionFilter
TlsGetValue
VirtualProtect
VirtualQuery
__getmainargs
__initenv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_initterm
_onexit
calloc
fprintf
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
KERNEL32.dll
msvcrt.dll
0 0*040@0F0P0W0\0w0
1!1&1.1:1A1r1
12%2-242D2H2
2V3`3f3q3z3
4'4D4K4Q4
5)50595g5r5y5
7.777@7j7s7|7
8'80898B8l8u8~8
8 9)929\9e9n9w9
9":+:4:^:g:p:
:$;-;6;`;i;r;
;&</<8<b<k<t<
==(=1=:=d=m=v=
>!>*>T>]>f>o>x>
?#?,?V?_?h?
0%0.0X0a0j0
0O2X2a2
3?3H3Q3{3
4A4J4S4}4
5C5L5U5
6E6N6W6
757>7G7P7Y7
878@8I8s8|8
999B9K9u9~9
:;:D:M:w:
;=;F;O;y;
<-<6<D<e<o<t<
<#=,=5=_=h=q=
>%>.>7>a>j>s>
?'?Q?Z?c?l?u?
0 0)0S0\0e0
1"1+1U1^1g1
2$2-2W2`2i2
3&3/3Y3b3k3
44I4R4[4d4m4
5!5K5T5]5
6#6M6V6_6
6!7:7]7d7
818G8s8
<(<:<N<j<
>!>/>B>q>
J1P1V1c1i1
2E2c2i2o2
2!3*343S3]3h3n3
5)5.545
6*6E6O6^6h6o6u6
8"8*828:8B8J8R8Z8b8j8r8z8
9 9$9(9,909
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Clean
ClamAV Clean
FireEye Generic.mg.c1adaf98f8c56704
CAT-QuickHeal Clean
McAfee Clean
Cylance Unsafe
Zillya Clean
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_70% (D)
BitDefender Clean
K7GW Clean
K7AntiVirus Clean
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Rozena.BND
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky VHO:Trojan-Banker.Win32.Bandra.gen
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
Sophos Clean
Comodo Clean
F-Secure Clean
DrWeb Clean
VIPRE Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
CMC Clean
Emsisoft Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Avira Clean
MAX Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Wacatac.B!ml
Google Clean
AhnLab-V3 Clean
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaE.36158.nKW@aWy2eZk
ALYac Clean
TACHYON Clean
VBA32 Clean
Malwarebytes Clean
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
AVG Clean
Cybereason malicious.1f39cc
Avast Clean
No IRMA results available.